RE: pg_replication_origin_session_setup and superuser

Thanks. This seems to be the fix we need.
Would it be possible to push it to previous versions? 12 or 13?

Zohar

-----Original Message-----
From: Michael Paquier <michael(at)paquier(dot)xyz>
Sent: Tuesday, February 16, 2021 2:52 AM
To: Zohar Gofer <Zohar(dot)Gofer(at)amdocs(dot)com>
Cc: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: pg_replication_origin_session_setup and superuser

On Mon, Feb 15, 2021 at 09:37:53AM +0000, Zohar Gofer wrote:
> In my mind the requirement for superuser is too strong. I think that
> requiring privileges of a replication user is more suitable. This way
> we can require that only a user with replication privileges will
> actually do replication, even if this is not really a replication.

PostgreSQL 14 will remove those hardcoded superuser checks. Please see this thread:
https://www.postgresql.org/message-id/CAPdiE1xJMZOKQL3dgHMUrPqysZkgwzSMXETfKkHYnBAB7-0VRQ@mail.gmail.com
And its related commit:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cc072641d41c55c6aa24a331fc1f8029e0a8d799

While the default is still superuser-only, it becomes possible to grant access to this stuff to other roles that have no need to be superusers.
--
Michael
This email and the information contained herein is proprietary and confidential and subject to the Amdocs Email Terms of Service, which you may review at https://www.amdocs.com/about/email-terms-of-service <https://www.amdocs.com/about/email-terms-of-service>