Greetings,
* Alvaro Herrera (alvherre@2ndquadrant.com) wrote:
> On 2020-Apr-15, PG Doc comments form wrote:
> > If the logical replication subscription is owned by a role that is not
> > allowed to login (for example, if the LOGIN privilege is removed after the
> > subscription is created) then the logical replication worker (which uses the
> > owner to connect to the database) will start to fail with this error
> > (repeated every 5 seconds), which is pretty much undocumented:
> >
> > FATAL: role "XXX" is not permitted to log in
> > LOG: background worker "logical replication worker" (PID X) exited with
> > exit code 1
> >
> > You might want to include that error message in the docs, to ensure that web
> > searches for it bring the user to this documentation.
>
> I wonder if a better answer is to allow the connection when the
> REPLICATION priv is granted, ignoring the LOGIN prov.
Erm, no, I wouldn't have thought that'd make sense- maybe someone
specifically wants to stop allowing that role to login and they remove
LOGIN? That REPLICATION would override that would surely be surprising
and counter-intuitive..
Thanks,
Stephen