On Mon, Aug 9, 2021 at 9:50 PM Mark Dilger <mark.dil...@enterprisedb.com> wrote: > > > On Aug 6, 2021, at 1:32 AM, vignesh C <vignes...@gmail.com> wrote: > > > > the attached v19 patch > > With v19 applied, a schema owner can publish the contents of a table > regardless of ownership or permissions on that table: > ... ... > > It is a bit counterintuitive that schema owners do not have administrative > privileges over tables within their schemas, but that's how it is. The > design of this patch seems to assume otherwise. Perhaps ALTER PUBLICATION > ... ADD SCHEMA should be restricted to superusers, just as FOR ALL TABLES? >
+1. Your suggestion sounds reasonable to me. > Alternatively, you could add ownership checks per table to mirror the > behavior of ALTER PUBLICATION ... ADD TABLE, but that would foreclose the > option of automatically updating the list of tables in the publication as new > tables are added to the schema, since those new tables would not necessarily > belong to the schema owner, and having a error thrown during CREATE TABLE > would be quite unfriendly. I think until this is hammered out, it is safer > to require superuser privileges and then we can revisit this issue and loosen > the requirement in a subsequent commit. > I think the same argument can be made for "FOR ALL TABLES .." as well. So, let's leave such a requirement for another patch. -- With Regards, Amit Kapila.
