Re: dividing privileges for replication role.

From: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
To: Tomonari Katsumata <t(dot)katsumata1122(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: dividing privileges for replication role.
Date: 2013-01-21 02:32:24
Message-ID: CAB7nPqRsSpQtQMhu-m5e7e3vA8ChaEUQUET4WMYtu_=9oNBd2g@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sat, Jan 19, 2013 at 12:47 PM, Tomonari Katsumata <
t(dot)katsumata1122(at)gmail(dot)com> wrote:

> a) adding new privileges for replication:"MASTER REPLICATION" and "CASCADE
> REPLICATION"
>
> "MASTER REPLICATION": Replication-connection to master server is only
> allowed
> "CASCADE REPLICATION": Replication-connection to cascade server is only
> allowed
> ("REPLICATION" already implemented means replication-connection to both
> servers is allowed)
>
This does not really solve the case you reported because, as reported in
your bug, you could still have each slave connecting to each other using
the privilege CASCADE REPLICATION. It makes even the privilege level more
complicated.

What would be necessary to solve your problem would be to have each standby
being aware that it is connected to a unique master. This is not really an
issue with privileges but more of something like having a standby scanning
its upper cluster node tree and check if there is a master connected. While
checking the cluster node tree, you will also need to be aware if a node
has already been found when you scanned it to be sure that the same node
has not been scanned, what would mean that you are in a cycle.
--
Michael Paquier
http://michael.otacoo.com

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2013-01-21 02:37:32 Re: CF3+4 (was Re: Parallel query execution)
Previous Message Craig Ringer 2013-01-21 02:23:33 Re: Contrib PROGRAM problem