On 2020-Apr-22, Stephen Frost wrote: > * Alvaro Herrera (alvhe...@2ndquadrant.com) wrote:
> > I wonder if a better answer is to allow the connection when the > > REPLICATION priv is granted, ignoring the LOGIN prov. > > Erm, no, I wouldn't have thought that'd make sense- maybe someone > specifically wants to stop allowing that role to login and they remove > LOGIN? That REPLICATION would override that would surely be surprising > and counter-intuitive.. Well, I guess if somebody wants to stop replication, they can remove the REPLICATION priv. I had it in my mind that LOGIN was for regular (SQL-based) login, and REPLICATION was for replication login, and that they were orthogonal. You're saying that there's no way a role can have REPLICATION privs but no LOGIN. Is that sensible? -- Álvaro Herrera https://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services