Please find attached a new set of patches.
> On May 27, 2021, at 11:06 PM, Noah Misch <noah@leadboat.com> wrote:
>
> pg_logical_replication would not be safe to delegate that way:
> https://postgr.es/m/flat/CACqFVBbx6PDq%2B%3DvHM0n78kHzn8tvOM-kGO_2q_q0zNAMT%2BTzdA%40mail.gmail.com
v3-0001 creates a pg_logical_replication role and respects privileges on tables in the table sync and apply workers.
Withthis change, by creating a user in role pg_logical_replication, only giving that user INSERT, UPDATE, DELETE, or
TRUNCATEprivileges as appropriate on the intended tables, and having that user rather than a superuser create a
subscription,one may prevent the replication of unwanted DML on these tables as well as the replication of any DML to
anyother tables.
> On Jun 14, 2021, at 5:51 AM, torikoshia <torikoshia@oss.nttdata.com> wrote:
>
> BTW, do these patches enable non-superusers to create user with
> bypassrls?
v3-0004 creates a pg_database_security role and allows users in this role to create roles with BYPASSRLS.
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company