[HACKERS] logical replication access control patches - Mailing list pgsql-hackers

From Peter Eisentraut
Subject [HACKERS] logical replication access control patches
Date
Msg-id 7a33990f-75b1-5a4f-e7c0-223e15b84c11@2ndquadrant.com
Whole thread Raw
Responses Re: [HACKERS] logical replication access control patches
Re: [HACKERS] logical replication access control patches
List pgsql-hackers
Here is a patch set to refine various access control settings in logical
replication.  Currently, you need to be replication or superuser for
most things, and the goal of these patches is to allow ordinary users
equipped with explicit privileges to do most things.  (Btw., current
documentation is here:
https://www.postgresql.org/docs/devel/static/logical-replication-security.html)

0001 Refine rules for altering publication owner

No conceptual changes here, just some fixes to allow altering
publication owner in more cases.

0002 Add PUBLICATION privilege

Add a new privilege kind to tables to determine whether they can be
added to a publication.

0003 Add USAGE privilege for publications

This controls whether a subscription can use the publication.

There is an open issue with this patch:  Since the walsender reads
system catalogs according to what it is currently streaming, you can't
grant this privilege after a subscription has already tried to connect
and failed, because the grant will only appear in the "future" of the
stream.  (You can drop and recreate the subscription, as the test
shows.)  This might need some snapshot trickery around the aclcheck call.

0004 Add CREATE SUBSCRIPTION privilege on databases

New privilege to allow creating a subscription, currently restricted to
superuser.

(We could also add a CREATE PUBLICATION privilege for symmetry.
Currently, publications use the CREATE privilege that schemas also use.)

0005 Add subscription apply worker privilege checks

Makes apply workers check privileges on tables before writing to them.
Currently, all subscription owners are superuser, but 0004 proposes to
change that.

0006 Change logical replication pg_hba.conf use

No longer use the "replication" keyword in pg_hba.conf for logical
replication.  Use the normal database entries instead.

Relates to
https://www.postgresql.org/message-id/flat/CAB7nPqRf8eOv15SPQJbC1npJoDWTNPMTNp6AvMN-XWwB53h2Cg%40mail.gmail.com

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Attachment

pgsql-hackers by date:

Previous
From: Tomas Vondra
Date:
Subject: Re: [HACKERS] gitlab post-mortem: pg_basebackup waiting forcheckpoint
Next
From: Tom Lane
Date:
Subject: Re: [HACKERS] pg_recvlogical.c doesn't build with --disable-integer-datetimes