On 14/03/17 19:47, Robert Haas wrote:
> On Tue, Mar 14, 2017 at 2:41 PM, Petr Jelinek
> <petr.jeli...@2ndquadrant.com> wrote:
>> My understanding of what Stephen is proposing is, you have "ownerA" of
>> tableA and "ownerB" of tableB, then you want role "publisher" to be able
>> to publish those, so you simply grant it the "ownerA" and "ownerB"
>> roles. Obviously that might in many situations mean that the "publisher"
>> role potentially also gets sweeping privileges to other tables which may
>> not be desirable.
>
> I didn't hear Stephen propose that "publish" should be a
> role-attribute, and I don't understand why that would be a good idea.
> Presumably, we don't want unprivileged users to be able to fire up
> logical replication because that involves making connections to other
> systems from the PostgreSQL operating system user's account, and that
> should be a privileged operation. But that's the subscriber side, not
> the publisher side.
>
> I don't otherwise follow Stephen's argument. It seems like he's
> complaining that PUBLISH might give more access to the relation than
> SELECT, but, uh, that's what granting additional privileges does in
> general, by definition. Mostly we consider that a feature, not a bug.
>

Not what I mean - owner should be able to publish table. If you are
granted role of the owner you can do what owner can, no? That's how I
understand Stephen's proposal.

-- 
Petr Jelinek                  http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services