Re: Special role for subscriptions

From: Euler Taveira <euler(at)timbira(dot)com(dot)br>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Jeff Davis <pgsql(at)j-davis(dot)com>, Evgeniy Efimkin <efimkin(at)yandex-team(dot)ru>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Дмитрий Сарафанников <dsarafan(at)yandex-team(dot)ru>, Андрей Бородин <x4mmm(at)yandex-team(dot)ru>, Владимир Бородин <root(at)simply(dot)name>
Subject: Re: Special role for subscriptions
Date: 2019-03-20 03:27:48
Message-ID: CAHE3wgimtk7EcquKYsszXqhT=WVkhutEEqBy1jnh6Xx0r1PznQ@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Em qui, 14 de mar de 2019 às 00:03, Stephen Frost <sfrost(at)snowman(dot)net> escreveu:
>
> I view that as the first step towards building a more granular privilege
> system for subscription creation, and that was the second half of what I
> was trying to say before- I do think there's value in having something
> more granular than just "this role can create ANY subscription". As an
> administrator, I might be fine with subscriptions to system X, but not
> to system Y, for example. As long as we don't block off the ability to
> build something finer grained in the future, then having the system role
> to allow a given role to do create subscription seems fine to me.
>
Isn't that what HBA rules are for? I don't see a fine grain control if
there is no node concept. You need to name the remote replication
set(s) to locally control it. Postgres replication is distributed by
design (current node doesn't need to store info about all nodes --
just those it is connected to). Node is a centralizing concept (every
node has its peers info). Is it worth add complexity to logical
replication just to satisfy a fine grain control? In this case, node
concept should be adopted in a transparent manner (which means that
CREATE PUBLICATION/SUBSCRIPTION should create iif there is no NODE
specification) -- old syntax should work but we start to accept node
info in both sides.

--
Euler Taveira Timbira -
http://www.timbira.com.br/
PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Masahiko Sawada 2019-03-20 04:11:12 Re: [HACKERS] Block level parallel vacuum
Previous Message Imai, Yoshikazu 2019-03-20 03:15:14 RE: speeding up planning with partitions