Re: First draft of the PG 15 release notes - Mailing list pgsql-hackers

From Mark Dilger
Subject Re: First draft of the PG 15 release notes
Date
Msg-id 95410A6D-BBDF-4B5C-B538-3D79F44199CD@enterprisedb.com
In response to First draft of the PG 15 release notes  (Bruce Momjian <bruce@momjian.us>)
Responses Re: First draft of the PG 15 release notes
List pgsql-hackers

> On May 10, 2022, at 8:44 AM, Bruce Momjian <bruce@momjian.us> wrote:
>
> I have completed the first draft of the PG 15 release notes and you can
> see the results here


Thanks, Bruce!  This release note:

    • Prevent logical replication into tables where the subscription owner is subject to the table's row-level security
policies (Mark Dilger)

... should mention, independent of any RLS considerations, subscriptions are now applied under the privilege of the
subscription owner.  I don't think we can fit it in the release note, but the basic idea is that:

    CREATE SUBSCRIPTION ... CONNECTION '...' PUBLICATION ... WITH (enabled = false);
    ALTER SUBSCRIPTION ... OWNER TO nonsuperuser_whoever;
    ALTER SUBSCRIPTION ... ENABLE;

can be used to replicate a subscription without sync or apply workers operating as superuser.  That's the main
advantage. Previously, subscriptions always ran with superuser privilege, which creates security concerns if the
publisher is malicious (or foolish).  Avoiding any unintentional bypassing of RLS was just a necessary detail to close
the security loophole, not the main point of the security enhancement.

—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company





