Participants
Magnus Hagander
Magnus Hagander
Bruce Momjian
Bruce Momjian
Attachments
Thread Outline
#1Magnus HaganderMagnus Hagander
Sep 06, 2023
#2Bruce MomjianBruce Momjianto Magnus Hagander (#1)
Sep 06, 2023

Release notes wording about logical replication as table owner

Started by Magnus Haganderover 2 years ago2 messages
#1Magnus Hagander
Magnus Hagander
magnus@hagander.net

We have:

"This improves security and now requires subscription owners to be
either superusers or to have SET ROLE permissions on all tables in the
replication set. The previous behavior of performing all operations as
the subscription owner can be enabled with the subscription
run_as_owner option."

How does one have SET ROLE permissions on a table? I think that's
supposed to be:

"subscription owners be either superusers or to have SET ROLE
permissions on all roles owning tables in the replication set."

Or something like that? Or can someone suggest a better wording?

//Magnus

#2Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: Magnus Hagander (#1)
1 attachment(s)
Re: Release notes wording about logical replication as table owner

On Wed, Sep 6, 2023 at 09:29:25PM +0200, Magnus Hagander wrote:

We have:

"This improves security and now requires subscription owners to be
either superusers or to have SET ROLE permissions on all tables in the
replication set. The previous behavior of performing all operations as
the subscription owner can be enabled with the subscription
run_as_owner option."

How does one have SET ROLE permissions on a table? I think that's
supposed to be:

"subscription owners be either superusers or to have SET ROLE
permissions on all roles owning tables in the replication set."

Or something like that? Or can someone suggest a better wording?

You are exactly corrected. Patch attached and applied.

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

Only you can decide what is important to you.

Attachments:

role.difftext/x-diff; charset=us-asciiDownload
diff --git a/doc/src/sgml/release-16.sgml b/doc/src/sgml/release-16.sgml
index 0fa0d25fe1..5f174e99f6 100644
--- a/doc/src/sgml/release-16.sgml
+++ b/doc/src/sgml/release-16.sgml
@@ -1818,7 +1818,7 @@ Author: Robert Haas <rhaas@postgresql.org>
        This improves security and now requires subscription
        owners to be either superusers or to have <link
        linkend="sql-set-role"><command>SET ROLE</command></link>
-       permissions on all tables in the replication set.
+       permission on all roles owning tables in the replication set.
        The previous behavior of performing all operations as the
        subscription owner can be enabled with the subscription <link
        linkend="sql-createsubscription"><option>run_as_owner</option></link>
← Back to Topics