Re: Streaming replication as a separate permissions

Florian G. Pflug <fgp@phlo.org>

From: Florian Pflug <fgp@phlo.org>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robert Haas <robertmhaas@gmail.com>, Magnus Hagander <magnus@hagander.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-12-24T11:34:52Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Allow Win32 to compile under MinGW. Major changes are:

On Dec24, 2010, at 05:00 , Tom Lane wrote:
> Florian Pflug <fgp@phlo.org> writes:
>> The problem here is that you suggest NOLOGIN should mean "Not allowed
>> to issue SQL commands", which really isn't what the name "NOLOGIN"
>> conveys.
> 
> No, it means "not allowed to connect".

Exactly. Which proves my point, unless you're ready to argue that
replication connections somehow don't count as "connections".

> It's possible now to issue
> commands as a NOLOGIN user, you just have to use SET ROLE to become the
> user.  I think you're arguing about a design choice that was already
> made some time ago.


You've lost me, how is that an argument in your favour? I *wasn't* arguing
that NOLOGIN ought to mean "No allowed to issue SQL commands". It was what
*your* proposal of letting a role connect for replication purposes despite
a NOLOGIN flag would *make* NOLOGIN mean.

best regards,
Florian Pflug