Home > mailing lists

Re: Non-superuser subscription owners - Mailing list pgsql-hackers

From	Jeff Davis
Subject	Re: Non-superuser subscription owners
Date	November 18, 2021 00:10:20
Msg-id	f50c2f2657cc801914e8df190df15f05c6a25cf3.camel@j-davis.com Whole thread Raw
In response to	Re: Non-superuser subscription owners (Mark Dilger <mark.dilger@enterprisedb.com>)
Responses	Re: Non-superuser subscription owners
List	pgsql-hackers

Tree view

On Wed, 2021-11-17 at 10:48 -0800, Mark Dilger wrote:
> GRANT *might* be part of some solution, but it is unclear to me how
> best to do it.  The various configuration parameters on subscriptions
> entail different security concerns.  We might take a fine-grained
> approach and create a predefined role for each

I think you misunderstood the idea: not using predefined roles, just
plain old ordinary GRANT on a subscription object to ordinary roles.

   GRANT REFRESH ON SUBSCRIPTION sub1 TO nonsuper;

This should be easy enough because the subscription is a real object,
right?

Regards,
    Jeff Davis

pgsql-hackers by date:

From: Jeff Davis
Date: 18 November 2021, 00:06:32
Subject: Re: Non-superuser subscription owners

From: Lars Kanis
Date: 18 November 2021, 00:13:33
Subject: Windows: Wrong error message at connection termination

Re: Non-superuser subscription owners - Mailing list pgsql-hackers

Previous

Next