Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Michael Paquier <mich...@paquier.xyz> writes: > > Not to make the life of everybody more complicated here, but I don't > > agree. LOGIN and REPLICATION are in my opinion completely orthogonal > > and it sounds more natural IMO that a REPLICATION user should be able > > to log into the server only if it has LOGIN defined. > > ISTM those statements are contradictory. The two privileges could > only be called orthogonal if it's possible to make use of one without > having the other. As things stand, REPLICATION without LOGIN is an > entirely useless setting.
Allowing a login to the system by a role that doesn't have the LOGIN privilege isn't sensible though. Perhaps a middle ground would be to set LOGIN on a role when REPLICATION is set on it, if it's not already set (maybe with a NOTICE or WARNING or such saying "also enabling LOGIN for role X", or maybe not if people really think it should be obvious). I don't think taking away login should take away replication though as maybe there's some reason why someone would want that, nor should we take away login if replication is taken away, this would strictly just be a change for when REPLICATION is added to a role that doesn't have LOGIN already. Thanks, Stephen
signature.asc
Description: PGP signature