Andrey Borodin schrieb am 22.01.2021 um 08:32:
> Replication is running under superuser and e.g. one can add system catalog to subscription.
> Or exploit this fact other way. Having superuser you can just COPY FROM PROGRAM anything.
It was my understanding that the replication process itself runs with the user specified
when creating the subscription - which is no necessarily a superuser. Only a user that
is part of the "replication" role.
The replication user also needs to be granted SELECT privileges on all tables of the publication,
so it's quite easy to control what the replication user has access to.
Plus the publication also limits what the replication can see.
I second the idea that not requiring a superuser to create a subscription would make things
a lot easier. We worked around that by creating a security definer function that runs
the CREATE SUBSCRIPTION command.
Thomas