On Tue, May 10, 2022, at 5:37 AM, Antonin Houska wrote:
> My understanding is that the rows/columns filtering is a way for the
> *publisher* to control which data is available to a particular replica. From
> this point of view, the publication privileges would just make the control
> complete.

I agree. IMO it is a new feature. We already require high privilege for logical replication. Hence, we expect the replication user to have access to all data. Unfortunately, nobody mentioned this requirement during the row filter / column list development; someone could have written a patch for GRANT ... ON PUBLICATION.

I understand your concern. Like I said in my last sentence in the previous email: it is a fine-grained access control on the publisher. Keep in mind that it will *only* work for non-superusers (REPLICATION attribute). It is not exposing something that we didn't expose before. In this particular case, there is no mechanism to prevent the subscriber from obtaining data provided by the various row filters if they know the publication names. We could probably add a sentence to the "Logical Replication > Security" section:

There are no privileges for publications. If you have multiple publications in a database, a subscription can use all publications available.

--
Euler Taveira
EDB   https://www.enterprisedb.com/
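
The situation discussed in this message, as an added example that is not part of the email or of PostgreSQL's own documentation: a publisher with two row-filtered publications and one replication role, followed by an audit query that lists what each replication-capable role can reach. The table, publication and role names and the password are constructed placeholders, and the `attnames` and `rowfilter` columns assume PostgreSQL 15 or later.

```sql
-- Constructed sample objects (orders, pub_eu, pub_us, repl_eu).
CREATE TABLE orders (
    id     int PRIMARY KEY,
    region text NOT NULL,
    total  numeric
);

-- Two publications over the same table, each meant for a different replica.
CREATE PUBLICATION pub_eu FOR TABLE orders WHERE (region = 'eu');
CREATE PUBLICATION pub_us FOR TABLE orders WHERE (region = 'us');

-- Non-superuser replication role meant for the EU replica only.
CREATE ROLE repl_eu LOGIN REPLICATION PASSWORD 'change-me';
GRANT SELECT ON orders TO repl_eu;  -- used by the initial table copy

-- No GRANT ... ON PUBLICATION exists, so nothing binds repl_eu to pub_eu.
-- Audit: every login role that can replicate, paired with every publication
-- in this database and the row filter / column list that publication applies.
-- A role listed against a publication it was not meant for is the gap the
-- message describes; it is closed outside the publication itself
-- (separate databases, pg_hba.conf rules, or fewer replication roles).
SELECT r.rolname,
       r.rolsuper,
       p.pubname,
       t.schemaname,
       t.tablename,
       t.attnames,
       t.rowfilter
FROM pg_roles r
CROSS JOIN pg_publication p
LEFT JOIN pg_publication_tables t ON t.pubname = p.pubname
WHERE r.rolcanlogin
  AND (r.rolreplication OR r.rolsuper)
ORDER BY r.rolname, p.pubname, t.schemaname, t.tablename;
```

Because the join between roles and publications is unconditional, `repl_eu` is listed against both `pub_eu` and `pub_us`, which mirrors the absence of any per-publication privilege check.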