Re: Non-superuser subscription owners
Jeff Davis <pgsql@j-davis.com>
From: Jeff Davis <pgsql@j-davis.com>
To: Mark Dilger <mark.dilger@enterprisedb.com>, Amit Kapila <amit.kapila16@gmail.com>
Cc: Andrew Dunstan <andrew@dunslane.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>, Robert Haas <robertmhaas@gmail.com>
Date: 2021-11-29T18:22:47Z
Lists: pgsql-hackers
On Mon, 2021-11-29 at 08:26 -0800, Mark Dilger wrote: > > On Nov 28, 2021, at 9:56 PM, Amit Kapila <amit.kapila16@gmail.com> > > wrote: > > > > In ExecUpdate(), we convert Update to DELETE+INSERT when the > > partition constraint is failed whereas, on the subscriber-side, it > > will simply fail in this case. Thank you, yes, that's the more important case. > This particular DELETE+INSERT problem sounds important but unrelated > and out of scope. +1 > > I agree that if we want to do all of this then that would require a > > lot of changes. However, giving an error for RLS-enabled tables > > might > > also be too restrictive. The few alternatives could be that (a) we > > allow subscription owners to be either have "bypassrls" attribute > > or > > they could be superusers. (b) don't allow initial table_sync for > > rls > > enabled tables. (c) evaluate/analyze what is required to allow Copy > > From to start respecting RLS policies. (d) reject replicating any > > changes to tables that have RLS enabled. Maybe a combination? Allow subscriptions with copy_data=true iff the subscription owner is bypassrls or superuser. And then enforce RLS+WCO during insert/update/delete. I don't think it's a big change (correct me if I'm wrong), and it allows good functionality now, and room to improve in the future if we want to bring in more of ExecInsert into logical replication. Regards, Jeff Davis
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Fix possible crash in tablesync worker.
- b5c517379a40 16.0 landed
-
Display 'password_required' option for \dRs+ command.
- 19e65dff38bd 16.0 landed
-
Restart the apply worker if the 'password_required' option is changed.
- c1cc4e688b60 16.0 landed
-
Fix possible logical replication crash.
- e7e7da2f8d57 16.0 landed
-
Add new predefined role pg_create_subscription.
- c3afe8cf5a1e 16.0 landed
-
Expand AclMode to 64 bits
- 7b378237aa80 16.0 cited
-
More cleanup of a2ab9c06ea.
- 96a6f11c0625 15.0 landed
-
Respect permissions within logical replication.
- a2ab9c06ea15 15.0 landed
-
Improve table locking behavior in the face of current DDL.
- 2ad36c4e44c8 9.2.0 cited