Hi,
I made a patch to divide privileges for replication role.
Currently(9.2), the privilege for replication role is
true / false which means that standby server is able to
connect to another server or not with the replication role.
This management and cascading replication make a strange behavior.
Because cascading replication is able to connect to another standby server,
we can see the cyclic situation.
This behavior has been discussed on Hackers-list(1),
but the conclusion was that's difficult to detect the situation.
(1) http://www.postgresql.org/message-id/50D12E8F.8000808@agliodbs.com
And then, I've reported a Bug-list(2) about this.
In this discussion, an idea that controlling
replication-connection with GUC parameter or privileges on
replication role comes up.
I think these can not avoid cyclic situation but will make some help for
DBA.
(2) http://www.postgresql.org/message-id/E1TtVvj-0004B3-2Z@wrigleys.postgresql.org
In this patch, I made below.
a) adding new privileges for replication:"MASTER REPLICATION" and "CASCADE REPLICATION"
"MASTER REPLICATION": Replication-connection to master server is only allowed
"CASCADE REPLICATION": Replication-connection to cascade server is only allowed
("REPLICATION" already implemented means replication-connection to both servers is allowed)
b) addin above options in createuser command
--master-replication
--cascade-replication
c) dumping pg_authid.rolreplication value in pg_dumpall
is changed by server version like this:
from 9.1
true -> master-replication
false -> noreplication
from 9.2
true -> replication(master & cascade)
false -> noreplication
I've not write any documents and tests for this yet,
but I want any comments whether this change is needed or not.
regards,
---------
NTT Software Corporation
Tomonari Katsumata
