Re: Added schema level support for publication. - Mailing list pgsql-hackers

From Amit Kapila
Subject Re: Added schema level support for publication.
Date
Msg-id CAA4eK1LmdWpWkUsybDUoe2EQCqa42tunD+5-UpXzo1VFw8TajQ@mail.gmail.com
In response to Re: Added schema level support for publication.  (Mark Dilger <mark.dilger@enterprisedb.com>)
List pgsql-hackers
On Mon, Aug 9, 2021 at 9:50 PM Mark Dilger <mark.dilger@enterprisedb.com> wrote:
>
> > On Aug 6, 2021, at 1:32 AM, vignesh C <vignesh21@gmail.com> wrote:
> >
> > the attached v19 patch
>
> With v19 applied, a schema owner can publish the contents of a table regardless of ownership or permissions on that
> table:
>
...
...
>
> It is a bit counterintuitive that schema owners do not have administrative privileges over tables within their
> schemas, but that's how it is.  The design of this patch seems to assume otherwise.  Perhaps ALTER PUBLICATION ... ADD
> SCHEMA should be restricted to superusers, just as FOR ALL TABLES?
>

+1. Your suggestion sounds reasonable to me.

> Alternatively, you could add ownership checks per table to mirror the behavior of ALTER PUBLICATION ... ADD TABLE,
> but that would foreclose the option of automatically updating the list of tables in the publication as new tables are
> added to the schema, since those new tables would not necessarily belong to the schema owner, and having an error thrown
> during CREATE TABLE would be quite unfriendly.  I think until this is hammered out, it is safer to require superuser
> privileges and then we can revisit this issue and loosen the requirement in a subsequent commit.
>

I think the same argument can be made for "FOR ALL TABLES .." as well.
So, let's leave such a requirement for another patch.


--
With Regards,
Amit Kapila.


