Re: running logical replication as the subscription owner - Mailing list pgsql-hackers

From Robert Haas
Subject Re: running logical replication as the subscription owner
Date
Msg-id CA+TgmoZ+X2+MUfaYJREP3Cd2Co0uP8drxuNvnYf3QdW5VzBMZw@mail.gmail.com
Whole thread Raw
In response to Re: running logical replication as the subscription owner  (Jeff Davis <pgsql@j-davis.com>)
Responses Re: running logical replication as the subscription owner
List pgsql-hackers
On Fri, Mar 31, 2023 at 6:46 PM Jeff Davis <pgsql@j-davis.com> wrote:
> I guess the "more convenient" is where I'm confused, because the "grant
> subscription_owner to table owner with set role true" is not likely to
> be conveniently already present; it would need to be issued manually to
> take advantage of this special case.

You and I disagree about the likelihood of that, but I could well be wrong.

> Do you have any concern about the weirdness where assigning the
> subscription to a higher-privilege user Z would cause B's trigger to
> fail?

Not very much. I think the biggest risk is user confusion, but I don't
think that's a huge risk because I don't think this scenario will come
up very often. Also, it's kind of hard to imagine that there's a
security model here which never does anything potentially surprising.

--
Robert Haas
EDB: http://www.enterprisedb.com



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: [EXTERNAL] Re: [PATCH] Report the query string that caused a memory error under Valgrind
Next
From: Robert Haas
Date:
Subject: Re: running logical replication as the subscription owner