Privileges on PUBLICATION - Mailing list pgsql-hackers

From Antonin Houska
Subject Privileges on PUBLICATION
Date
Msg-id 20330.1652105397@antos
Whole thread Raw
Responses Re: Privileges on PUBLICATION
List pgsql-hackers
Now that the user can specify rows and columns to be omitted from the logical
replication [1], I suppose hiding rows and columns from the subscriber is an
important use case. However, since the subscription connection user (i.e. the
user specified in the CREATE SUBSCRIPTION ... CONNECTION ... command) needs
SELECT permission on the replicated table (on the publication side), he can
just use another publication (which has different filters or no filters at
all) to get the supposedly-hidden data replicated.

Don't we need privileges on publication (e.g GRANT USAGE ON PUBLICATION ...)
now?

[1] https://www.postgresql.org/docs/devel/sql-createpublication.html

-- 
Antonin Houska
Web: https://www.cybertec-postgresql.com



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: 2022-05-12 release announcement draft
Next
From: "Jonathan S. Katz"
Date:
Subject: Re: 2022-05-12 release announcement draft