On Fri, May 13, 2022, at 3:36 AM, Antonin Houska wrote:
Attached is my proposal. It tries to be more specific and does not mention the
absence of the privileges explicitly.
You explained the current issue but say nothing about the limitation. This
information will trigger a question possibly in one of the MLs. IMO if you say
something like the sentence above at the end, it will make it clear why that
setup expose all data (there is no access control to publications) and
explicitly say there is a TODO here.
Additional privileges might be added to control access to table data in a
future version of <productname>PostgreSQL</productname>.
I also wouldn't use the warning tag because it fits in the same category as the
other restrictions listed in the page.