On Wed, Mar 20, 2019 at 11:58:04PM +0800, Andrey Borodin wrote:
>> 20 марта 2019 г., в 21:46, Robert Haas <robertmhaas@gmail.com> написал(а):
>> I think we should view this permission as "you can create
>> subscriptions, plain and simple".
>
> That sounds good.
> From my POV, the purpose of the patch is to allow users to transfer
> their database via logical replication. Without superuser privileges
> (e.g. to the managed cloud with vanilla postgres).
A system role to be able to create subscriptions is perhaps a too big
hammer as that would apply to all databases of a system, still we may
be able to live with that.
Perhaps we would want something at database level different from GRANT
CREATE ON DATABASE, but only for subscriptions? This way, it is
possible to have per-database groups having the right to create
subscriptions, and I'd like to think that we should not include
subcription creation into the existing CREATE rights. It would be
kind of funny to not have CREATE include the creation of this specific
object though :)
--
Michael
