Thread

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Doc: Clarify publication privilege requirements.

  1. Improve documentation of publication privilege checks

    Shlok Kyal <shlok.kyal.oss@gmail.com> — 2025-12-23T08:59:03Z

    Hi Hackers,
    
    While reviewing the Security section of the logical replication
    documentation, I felt that the description of privilege requirements
    for publications is ambiguous, and clarity could be improved by
    explicitly mentioning the associated SQL syntax. Thoughts?
    
    Thanks,
    Shlok Kyal
    
  2. Re: Improve documentation of publication privilege checks

    Chao Li <li.evan.chao@gmail.com> — 2025-12-23T09:16:47Z

    
    > On Dec 23, 2025, at 16:59, Shlok Kyal <shlok.kyal.oss@gmail.com> wrote:
    > 
    > Hi Hackers,
    > 
    > While reviewing the Security section of the logical replication
    > documentation, I felt that the description of privilege requirements
    > for publications is ambiguous, and clarity could be improved by
    > explicitly mentioning the associated SQL syntax. Thoughts?
    > 
    > Thanks,
    > Shlok Kyal
    > <v1-0001-Improve-documentation-of-publication-privilege-ch.patch>
    
    I have no objection to this patch. Just the new phrase sounds a little redundant as “FOR TABLES IN SCHEMA” is mentioned twice back-to-back. I tried to rephrase like:
    
    ```
    To create a publication that automatically publishes objects using
    <literal>FOR ALL TABLES</literal>,
    <literal>FOR ALL SEQUENCES</literal>, or
    <literal>FOR TABLES IN SCHEMA</literal>, the user must be a superuser.
    Likewise, adding tables using <literal>TABLES IN SCHEMA</literal> with
    <command>ALTER PUBLICATION</command> requires superuser privileges.
    To add individual tables to a publication, the user must have ownership rights on the table.
    ```
    
    I am open if you accept my suggestion or try to enhance the phrase on your own.
    
    Best regards,
    --
    Chao Li (Evan)
    HighGo Software Co., Ltd.
    https://www.highgo.com/
    
    
    
    
    
    
    
    
  3. Re: Improve documentation of publication privilege checks

    Peter Smith <smithpb2250@gmail.com> — 2025-12-23T23:42:53Z

    Hi Shlok/Chao-San.
    
    How about this alternative wording:
    
      <para>
       To create a publication using any of <literal>FOR ALL TABLES</literal>,
       <literal>FOR ALL SEQUENCES</literal>, or
       <literal>FOR TABLES IN SCHEMA</literal>, the user must be a superuser.
       To alter a publication using <literal>ADD TABLE</literal>, the user must
       have ownership rights on the table.  To alter a publication using
       <literal>ADD TABLES IN SCHEMA</literal>, the user must be a superuser.
      </para>
    
    
    IMO this is both simpler and more consistent. PSA a diff for the same.
    
    ======
    Kind Regards,
    Peter Smith.
    Fujitsu Australia
    
  4. Re: Improve documentation of publication privilege checks

    David G. Johnston <david.g.johnston@gmail.com> — 2025-12-24T00:52:37Z

    On Tue, Dec 23, 2025 at 4:43 PM Peter Smith <smithpb2250@gmail.com> wrote:
    
    > Hi Shlok/Chao-San.
    >
    > How about this alternative wording:
    >
    >   <para>
    >    To create a publication using any of <literal>FOR ALL TABLES</literal>,
    >    <literal>FOR ALL SEQUENCES</literal>, or
    >    <literal>FOR TABLES IN SCHEMA</literal>, the user must be a superuser.
    >    To alter a publication using <literal>ADD TABLE</literal>, the user must
    >    have ownership rights on the table.  To alter a publication using
    >    <literal>ADD TABLES IN SCHEMA</literal>, the user must be a superuser.
    >   </para>
    >
    >
    I initially preferred Chao Li's version but upon deeper consideration I've
    settled on this variant.  The conjunctions in the other are nice, but I've
    come to like how create and alter are better separated here.  And the
    choice to list "add table" first breaks up the string of superuser required
    commands when switching from creating to altering.
    
    Kinda feel we should start this with the individual table creation case
    though:
    
    To create a publication using FOR TABLE, the user must have ownership
    rights on all listed tables.  To create a publication using any of ... the
    user must be a superuser.  To alter ...
    
    The alter case likewise accepts multiple tables...
    
    David J.
    
  5. Re: Improve documentation of publication privilege checks

    Shlok Kyal <shlok.kyal.oss@gmail.com> — 2025-12-24T06:22:52Z

    On Wed, 24 Dec 2025 at 06:23, David G. Johnston
    <david.g.johnston@gmail.com> wrote:
    >
    > On Tue, Dec 23, 2025 at 4:43 PM Peter Smith <smithpb2250@gmail.com> wrote:
    >>
    >> Hi Shlok/Chao-San.
    >>
    >> How about this alternative wording:
    >>
    >>   <para>
    >>    To create a publication using any of <literal>FOR ALL TABLES</literal>,
    >>    <literal>FOR ALL SEQUENCES</literal>, or
    >>    <literal>FOR TABLES IN SCHEMA</literal>, the user must be a superuser.
    >>    To alter a publication using <literal>ADD TABLE</literal>, the user must
    >>    have ownership rights on the table.  To alter a publication using
    >>    <literal>ADD TABLES IN SCHEMA</literal>, the user must be a superuser.
    >>   </para>
    >>
    >
    > I initially preferred Chao Li's version but upon deeper consideration I've settled on this variant.  The conjunctions in the other are nice, but I've come to like how create and alter are better separated here.  And the choice to list "add table" first breaks up the string of superuser required commands when switching from creating to altering.
    >
    > Kinda feel we should start this with the individual table creation case though:
    >
    > To create a publication using FOR TABLE, the user must have ownership rights on all listed tables.  To create a publication using any of ... the user must be a superuser.  To alter ...
    >
    > The alter case likewise accepts multiple tables...
    >
    Thanks Chao-san, Peter and David for reviewing the patch. I also felt
    the version shared by Peter is more appropriate. I have made the
    suggested changes by David.
    
    Thanks,
    Shlok Kyal
    
  6. Re: Improve documentation of publication privilege checks

    Peter Smith <smithpb2250@gmail.com> — 2025-12-24T06:57:54Z

    > Thanks Chao-san, Peter and David for reviewing the patch. I also felt
    > the version shared by Peter is more appropriate. I have made the
    > suggested changes by David.
    >
    
    Patch v2 LGTM.
    
    ======
    Kind Regards,
    Peter Smith.
    Fujitsu Australia
    
    
    
    
  7. Re: Improve documentation of publication privilege checks

    Chao Li <li.evan.chao@gmail.com> — 2025-12-24T07:02:53Z

    
    > On Dec 24, 2025, at 14:57, Peter Smith <smithpb2250@gmail.com> wrote:
    > 
    >> Thanks Chao-san, Peter and David for reviewing the patch. I also felt
    >> the version shared by Peter is more appropriate. I have made the
    >> suggested changes by David.
    >> 
    > 
    > Patch v2 LGTM.
    > 
    +1
    
    --
    Chao Li (Evan)
    HighGo Software Co., Ltd.
    https://www.highgo.com/
    
    
    
    
    
    
    
    
  8. Re: Improve documentation of publication privilege checks

    David G. Johnston <david.g.johnston@gmail.com> — 2025-12-24T07:22:54Z

    On Wed, Dec 24, 2025 at 12:03 AM Chao Li <li.evan.chao@gmail.com> wrote:
    
    >
    >
    > > On Dec 24, 2025, at 14:57, Peter Smith <smithpb2250@gmail.com> wrote:
    > >
    > >> Thanks Chao-san, Peter and David for reviewing the patch. I also felt
    > >> the version shared by Peter is more appropriate. I have made the
    > >> suggested changes by David.
    > >>
    > >
    > > Patch v2 LGTM.
    > >
    > +1
    >
    >
    >
    WFM
    
    David J.