v1-0001-Add-hints-for-sequence-sync-permission-warnings.patch
application/octet-stream
Filename: v1-0001-Add-hints-for-sequence-sync-permission-warnings.patch
Type: application/octet-stream
Part: 0
Patch
Format: format-patch
Series: patch v1-0001
Subject: Add hints for sequence sync permission warnings
| File | + | − |
|---|---|---|
| doc/src/sgml/logical-replication.sgml | 8 | 4 |
| src/backend/replication/logical/sequencesync.c | 5 | 2 |
From 9910860770045cf8ee365cfeaaa90561f5b1e43f Mon Sep 17 00:00:00 2001
From: Fujii Masao <fujii@postgresql.org>
Date: Wed, 24 Jun 2026 08:14:36 +0900
Subject: [PATCH v1] Add hints for sequence sync permission warnings
---
doc/src/sgml/logical-replication.sgml | 12 ++++++++----
src/backend/replication/logical/sequencesync.c | 7 +++++--
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/doc/src/sgml/logical-replication.sgml b/doc/src/sgml/logical-replication.sgml
index 9e7868487de..f0c25a75460 100644
--- a/doc/src/sgml/logical-replication.sgml
+++ b/doc/src/sgml/logical-replication.sgml
@@ -2542,9 +2542,10 @@ CONTEXT: processing remote data for replication origin "pg_16395" during "INSER
</para>
<para>
- In order to be able to copy the initial table or sequence data, the role
- used for the replication connection must have the <literal>SELECT</literal>
- privilege on a published table or sequence (or be a superuser).
+ In order to be able to copy the initial table data or synchronize
+ sequences, the role used for the replication connection must have the
+ <literal>SELECT</literal> privilege on a published table or sequence (or be
+ a superuser).
</para>
<para>
@@ -2602,7 +2603,10 @@ CONTEXT: processing remote data for replication origin "pg_16395" during "INSER
needs privileges to <literal>SELECT</literal>, <literal>INSERT</literal>,
<literal>UPDATE</literal>, and <literal>DELETE</literal> from the
target table, and does not need privileges to <literal>SET ROLE</literal>
- to the table owner. However, this also means that any user who owns
+ to the table owner. When synchronizing sequences, the subscription owner
+ similarly needs <literal>UPDATE</literal> privilege on the target sequence
+ and does not need privileges to <literal>SET ROLE</literal> to the sequence
+ owner. However, this also means that any user who owns
a table into which replication is happening can execute arbitrary code with
the privileges of the subscription owner. For example, they could do this
by simply attaching a trigger to one of the tables which they own.
diff --git a/src/backend/replication/logical/sequencesync.c b/src/backend/replication/logical/sequencesync.c
index f47f962c7db..7910d610c60 100644
--- a/src/backend/replication/logical/sequencesync.c
+++ b/src/backend/replication/logical/sequencesync.c
@@ -206,7 +206,9 @@ report_sequence_errors(List *mismatched_seqs_idx,
errmsg_plural("insufficient privileges on subscriber sequence (%s)",
"insufficient privileges on subscriber sequences (%s)",
list_length(sub_insuffperm_seqs_idx),
- seqstr.data));
+ seqstr.data),
+ MySubscription->runasowner ?
+ errhint("Grant UPDATE on the sequence to the subscription owner on the subscriber.") : 0);
}
if (pub_insuffperm_seqs_idx)
@@ -217,7 +219,8 @@ report_sequence_errors(List *mismatched_seqs_idx,
errmsg_plural("insufficient privileges on publisher sequence (%s)",
"insufficient privileges on publisher sequences (%s)",
list_length(pub_insuffperm_seqs_idx),
- seqstr.data));
+ seqstr.data),
+ errhint("Grant SELECT on the sequence to the role used for the replication connection on the publisher."));
}
if (missing_seqs_idx)
--
2.53.0