On Thu, 2021-11-25 at 09:51 +0530, Amit Kapila wrote: > Won't it be better to just check if the current user is superuser > before applying each change as a matter of this first patch? Sorry, I > was under impression that first, we want to close the current gap > where we allow to proceed with replication if the user's superuser > privileges were revoked during replication.
That could be a first step, and I don't oppose it. But it seems like a very small first step that would be made obsolete when v3-0001 is ready, which I think will be very soon. > To allow non-superusers > owners, I thought it might be better to first try to detect the > change > of ownership In the case of revoked superuser privileges, there's no change in ownership, just a change of privileges (SUPERUSER -> NOSUPERUSER). And if we're detecting a change of privileges, why not just do it in something closer to the right way, which is what v3-0001 is attempting to do. > as soon as possible instead of at the transaction > boundary. I don't understand why it's important to detect a loss of privileges faster than a transaction boundary. Can you elaborate? Regards, Jeff Davis