| author | Robert Haas | 2023-04-04 16:03:03 +0000 |
|---|---|---|
| committer | Robert Haas | 2023-04-04 16:03:03 +0000 |
| commit | 482675987bcdffb390ae735cfd5f34b485ae97c6 (patch) | |
| tree | 889d1ea562d20bf291620e8df982d09f1852aa64 /src/include | |
| parent | 1e10d49b65d6c26c61fee07999e4cd59eab2b765 (diff) | |
Add a run_as_owner option to subscriptions.
This option is normally false, but can be set to true to obtain
the legacy behavior where the subscription runs with the permissions
of the subscription owner rather than the permissions of the
table owner. The advantages of this mode are (1) it doesn't require
that the subscription owner have permission to SET ROLE to each
table owner and (2) since no role switching occurs, the
SECURITY_RESTRICTED_OPERATION restrictions do not apply.
On the downside, it allows any table owner to easily usurp
the privileges of the subscription owner - basically, to take
over their account. Because that's generally quite undesirable,
we don't make this mode the default, but we do make it available,
just in case the new behavior causes too many problems for someone.
Discussion: http://postgr.es/m/CA+TgmoZ-WEeG6Z14AfH7KhmpX2eFh+tZ0z+vf0=eMDdbda269g@mail.gmail.com
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/catalog/catversion.h | 2 | ||||
| -rw-r--r-- | src/include/catalog/pg_subscription.h | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index 67f3f632f0..f0a8ee55ae 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -57,6 +57,6 @@
 */
 /* yyyymmddN */
-#define CATALOG_VERSION_NO 202304041
+#define CATALOG_VERSION_NO 202304042
 #endif
diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h
index 6319f598d8..91d729d62d 100644
--- a/src/include/catalog/pg_subscription.h
+++ b/src/include/catalog/pg_subscription.h
@@ -90,6 +90,9 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW
 bool subpasswordrequired; /* Must connection use a password? */
+ bool subrunasowner; /* True if replication should execute as
+ * the subscription owner */
+
 #ifdef CATALOG_VARLEN /* variable-length fields start here */
 /* Connection string to the publisher */
 text subconninfo BKI_FORCE_NOT_NULL;
@@ -134,6 +137,7 @@ typedef struct Subscription
 * automatically disabled if a worker error
 * occurs */
 bool passwordrequired; /* Must connection use a password? */
+ bool runasowner; /* Run replication as subscription owner */
 char *conninfo; /* Connection string to the publisher */
 char *slotname; /* Name of the replication slot */
 char *synccommit; /* Synchronous commit setting for worker */ |
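Review bot: The new comment on `subrunasowner` in the `pg_subscription` catalog struct (and the one on `runasowner` in `struct Subscription`, in the following hunk) says what the flag selects but not why it matters. Per the commit message, setting it lets any table owner take over the subscription owner's privileges. I would make that visible where the field is declared, e.g. `/* True if replication should execute as the subscription owner (legacy mode; table owners can then act with the owner's privileges) */`. Both struct definitions start and end outside these hunks, and the code that fills and reads the field is not part of this src/include-only view, so the default of false described in the message cannot be checked here.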
