Re: Skipping logical replication transactions on subscriber side

From: Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
To: Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>
Cc: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, "tanghy(dot)fnst(at)fujitsu(dot)com" <tanghy(dot)fnst(at)fujitsu(dot)com>, vignesh C <vignesh21(at)gmail(dot)com>, Greg Nancarrow <gregn4422(at)gmail(dot)com>, "houzj(dot)fnst(at)fujitsu(dot)com" <houzj(dot)fnst(at)fujitsu(dot)com>, Alexey Lesovsky <lesovsky(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, "osumi(dot)takamichi(at)fujitsu(dot)com" <osumi(dot)takamichi(at)fujitsu(dot)com>
Subject: Re: Skipping logical replication transactions on subscriber side
Date: 2022-01-21 03:20:23
Message-ID: CAA4eK1LCvQJ3B_61gmpKkNfiBkg8ShQ5awqTPBtD33is=pP-Mg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Fri, Jan 21, 2022 at 8:39 AM Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> wrote:
>
> On Fri, Jan 21, 2022 at 1:18 AM Peter Eisentraut
> <peter(dot)eisentraut(at)enterprisedb(dot)com> wrote:
> >
> > I think the superuser check in AlterSubscription() might no longer be
> > appropriate. Subscriptions can now be owned by non-superusers. Please
> > check that.
>
> IIUC we don't allow non-superuser to own the subscription yet. We
> still have the following superuser checks:
>
> In CreateSubscription():
>
> if (!superuser())
> ereport(ERROR,
> (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
> errmsg("must be superuser to create subscriptions")));
>
> and in AlterSubscriptionOwner_internal();
>
> /* New owner must be a superuser */
> if (!superuser_arg(newOwnerId))
> ereport(ERROR,
> (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
> errmsg("permission denied to change owner of
> subscription \"%s\"",
> NameStr(form->subname)),
> errhint("The owner of a subscription must be a superuser.")));
>
> Also, doing superuser check here seems to be consistent with
> pg_replication_origin_advance() which is another way to skip
> transactions and also requires superuser permission.
>

+1. I think this feature has the potential to make data inconsistent
and only be used as a last resort to resolve the conflicts so it is
better to allow this as a superuser.

--
With Regards,
Amit Kapila.

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Noah Misch 2022-01-21 03:30:42 Re: XLogReadRecord() error in XlogReadTwoPhaseData()
Previous Message houzj.fnst@fujitsu.com 2022-01-21 03:14:55 RE: row filtering for logical replication