All, Andres,

Now that we have begun removing the if (!superuser) checks and instead
relying on the GRANT system to determine who is allowed to call certain
functions, it's time to consider functions beyond the initial set.

In particular, the pg_logical_* functions have superuser checks and
those checks also allow roles who have the replication role attribute.
That isn't something we can represent with the GRANT system currently.

The main question is if it really makes sense for the replication role
attribute to control access to these functions. Personally, I'd rather
restrict replication roles (who are not also superusers) from connecting
to PG at all.

Andres, I figured you would have the best idea about how impactful such
a change would be on users of those functions.

Thoughts?

Thanks!

Stephen