On Tue, May 10, 2022 at 03:12:18PM -0700, Mark Dilger wrote:
>
>
> > On May 10, 2022, at 8:44 AM, Bruce Momjian <[email protected]> wrote:
> >
> > I have completed the first draft of the PG 15 release notes and you can
> > see the results here
>
>
> Thanks, Bruce! This release note:
>
> • Prevent logical replication into tables where the subscription owner
> is subject to the table's row-level security policies (Mark Dilger)
>
> ... should mention, independent of any RLS considerations, subscriptions are
> now applied under the privilege of the subscription owner. I don't think we
> can fit it in the release note, but the basic idea is that:
>
> CREATE SUBSCRIPTION ... CONNECTION '...' PUBLICATION ... WITH (enabled = false);
> ALTER SUBSCRIPTION ... OWNER TO nonsuperuser_whoever;
> ALTER SUBSCRIPTION ... ENABLE;
>
> can be used to replicate a subscription without sync or apply workers
> operating as superuser. That's the main advantage. Previously,
> subscriptions always ran with superuser privilege, which creates security
> concerns if the publisher is malicious (or foolish). Avoiding any
> unintentional bypassing of RLS was just a necessary detail to close the
> security loophole, not the main point of the security enhancement.

Oh, interesting. New text:

<!--
Author: Jeff Davis <[email protected]>
2022-01-07 [a2ab9c06e] Respect permissions within logical replication.
-->
<listitem>
<para>
Allow logical replication to run as the owner of the publication (Mark
Dilger)
</para>
<para>
Because row-level security policies are not checked, only
superusers, roles with bypassrls, and table owners can replicate
into tables with row-level security policies.
</para>
</listitem>

How is this?

--
Bruce Momjian <[email protected]> https://momjian.us
EDB https://enterprisedb.com
Indecision is a decision. Inaction is an action. Mark Batterson