Re: logical replication access control patches

Hi,

I went over this patch set, don't really have all that much to say
except it looks good for the most part (details inline).

On 16/03/17 02:54, Peter Eisentraut wrote:
> New patch set based on the discussions. I have dropped the PUBLICATION
> privilege patch. The patches are also reordered a bit in approximate
> decreasing priority order.
>
> 0001 Refine rules for altering publication owner
>
> kind of a bug fix

Agreed, this can be committed as is.

>
> 0002 Change logical replication pg_hba.conf use
>
> This was touched upon in the discussion at
> <https://www.postgresql.org/message-id/flat/CAB7nPqRf8eOv15SPQJbC1npJoDWTNPMTNp6AvMN-XWwB53h2Cg%40mail.gmail.com>
> and seems to have been viewed favorably there.

Seems like a good idea and I think can be committed as well.

>
> 0003 Add USAGE privilege for publications
>
> a way to control who can subscribe to a publication
>

Hmm IIUC this removes ability of REPLICATION role to subscribe to
publications. I am not quite sure I like that.

> 0004 Add subscription apply worker privilege checks
>
> This is a prerequisite for the next one (or one like it).
>
> 0005 Add CREATE SUBSCRIPTION privilege on databases
>
> Need a way to determine which user can create subscriptions. The
> presented approach made sense to me, but maybe there are other ideas.
>

The CREATE SUBSCRIPTION as name of privilege is bit weird but something
like SUBSCRIBE would be more fitting for publish side (to which you
subscriber) so don't really have a better name. I like that the patches
cache the acl result so performance impact should be negligible.

--
Petr Jelinek http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services