On Tue, May 10, 2022 at 03:12:18PM -0700, Mark Dilger wrote: > > > > On May 10, 2022, at 8:44 AM, Bruce Momjian <br...@momjian.us> wrote: > > > > I have completed the first draft of the PG 15 release notes and you can > > see the results here > > > Thanks, Bruce! This release note: > > • Prevent logical replication into tables where the subscription owner > is subject to the table's row-level security policies (Mark Dilger) > > ... should mention, independent of any RLS considerations, subscriptions are > now applied under the privilege of the subscription owner. I don't think we > can fit it in the release note, but the basic idea is that: > > CREATE SUBSCRIPTION ... CONNECTION '...' PUBLICATION ... WITH (enabled > = false); > ALTER SUBSCRIPTION ... OWNER TO nonsuperuser_whoever; > ALTER SUBSCRIPTION ... ENABLE; > > can be used to replicate a subscription without sync or apply workers > operating as superuser. That's the main advantage. Previously, > subscriptions always ran with superuser privilege, which creates security > concerns if the publisher is malicious (or foolish). Avoiding any > unintentional bypassing of RLS was just a necessary detail to close the > security loophole, not the main point of the security enhancement.
Oh, interesting. New text: <!-- Author: Jeff Davis <jda...@postgresql.org> 2022-01-07 [a2ab9c06e] Respect permissions within logical replication. --> <listitem> <para> Allow logical replication to run as the owner of the publication (Mark Dilger) </para> <para> Because row-level security policies are not checked, only superusers, roles with bypassrls, and table owners can replicate into tables with row-level security policies. </para> </listitem> How is this? -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com Indecision is a decision. Inaction is an action. Mark Batterson