On Fri, Mar 22, 2019 at 10:15:59AM +0800, Andrey Borodin wrote:
> It seems to me that we have consensus that:
> 1. We need special role to create subscription
> 2. This role can create subscription with some security checks
> 3. We have complete list of possible security checks
These are basically that the truncate, insert, delete and insert
rights for the role creating the subscription. Why would we actually
need that?
> 4. We have code that implements most of these checks (I believe
> pg_subscription_role_v2.patch is enough, but we can tighten checks a
> little more)
If a unique system role is the conclusion on the matter, it looks so.
> If not, it is RFC, it should not be returned.
The patch still needs some work before being RFC. From what I can
read, pg_dump still ignores roles which are members of the system role
pg_subscription_users and these should be able to dump subscriptions,
so you have at least one problem.
--
Michael