Now that the user can specify rows and columns to be omitted from the logical
replication [1], I suppose hiding rows and columns from the subscriber is an
important use case. However, since the subscription connection user (i.e. the
user specified in the CREATE SUBSCRIPTION ... CONNECTION ... command) needs
SELECT permission on the replicated table (on the publication side), he can
just use another publication (which has different filters or no filters at
all) to get the supposedly-hidden data replicated.
Don't we need privileges on publication (e.g GRANT USAGE ON PUBLICATION ...)
now?
[1] https://www.postgresql.org/docs/devel/sql-createpublication.html
--
Antonin Houska
Web: https://www.cybertec-postgresql.com