Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mqL16-0007mN-Mm for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Nov 2021 20:06:48 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1mqL15-0002b4-2S for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Nov 2021 20:06:47 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mqL14-0002aq-Lm for pgsql-hackers@lists.postgresql.org; Thu, 25 Nov 2021 20:06:46 +0000 Received: from mail-pj1-x102e.google.com ([2607:f8b0:4864:20::102e]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1mqL0y-0004Oe-K4 for pgsql-hackers@postgresql.org; Thu, 25 Nov 2021 20:06:45 +0000 Received: by mail-pj1-x102e.google.com with SMTP id w33-20020a17090a6ba400b001a722a06212so6827886pjj.0 for ; Thu, 25 Nov 2021 12:06:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=j-davis-com.20210112.gappssmtp.com; s=20210112; h=message-id:subject:from:to:cc:date:in-reply-to:references :mime-version:content-transfer-encoding; bh=wHNYsYKBZXmLlDDcxuFBwM8W3GjLQshpgulusVf7P/s=; b=TWGMO5bkDqpMR/TYKbA8q7bfTur1wr7BIduh9v+Iv/6g60z9KPRGL1kbG9psylkVjy sCsgaQ1dpMu1nEtm6kaR/IXx5jhvWQlN/bueT7SvAD/d3Eo5A+dUD07zXGK9jrU+9WNc CUtoqtLmEcv3CuZcMsZDZ+tmSqAvpVpP578OLvgttMnPyy8nZ+0/+ztkQdIeiwYx0JvT TgxUQwazprkvW6eoaQTAO5+u8wwidyWG592Oz9aYnylSSwpPo2TvsVPiDJXgvzL5QFoa TSqIs3ToFB72GPq3LVBS8GWH1ACvx268B4oywhaCaxEU5Wvn7uZ1/Ox1dsQbJR3v3hx8 7z/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:mime-version:content-transfer-encoding; bh=wHNYsYKBZXmLlDDcxuFBwM8W3GjLQshpgulusVf7P/s=; b=NqOGzKlizTCaU8Qv4q1pRIT8V8JR2ZABz9JzTAMdbK/29cHA9+uZYMAACDwr0vP/H/ YQNTg7/COJDrl7+rkRj7tMlctvdiu2nHPhSkqkVLIOD/5Alc01DOl8V07HCry9eytYfw 7m6qonl+ITGSb9QRU7mdJdJMrOJ+qbhCFsXjA6ShRMOtGCD7N0BI2YE4axR+/hIBrRvZ zxjlPsFf8Kvo4d40PoUs+4K8/xKuG0YH39icfSk6zngpaAnEHwcVFlPYIYy8MBXNA1p3 eI7yZi3dkKnyrTKRHR+kZ1Oaj2FrHGfHDLnPPbOo0vite6oBaoarU/MFtpvjBxPx8ibt N9sQ== X-Gm-Message-State: AOAM532GdPlaAStqIX+tT7u5dCIug+keLIEGMIFNvbUfvgaVCmosuhI4 UKjCHbzvRO0jWm5A5GfHNnqPSQ== X-Google-Smtp-Source: ABdhPJxdMy+2g6ck1ZBeC+yag49oLjikgXhV0NPbgDrefaPMTIQXwFRS/UFbriOVCsJ1QT8c+tfpXQ== X-Received: by 2002:a17:90a:dc15:: with SMTP id i21mr10285558pjv.183.1637870799245; Thu, 25 Nov 2021 12:06:39 -0800 (PST) Received: from jdavis.lan (c-73-231-146-4.hsd1.ca.comcast.net. [73.231.146.4]) by smtp.gmail.com with ESMTPSA id g20sm4976374pfj.12.2021.11.25.12.06.37 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 25 Nov 2021 12:06:37 -0800 (PST) Message-ID: <18b267939a9d1ae27e9b3643d53395f4e29ea6ce.camel@j-davis.com> Subject: Re: Non-superuser subscription owners From: Jeff Davis To: Amit Kapila Cc: Mark Dilger , Andrew Dunstan , PostgreSQL-development , Robert Haas Date: Thu, 25 Nov 2021 12:06:36 -0800 In-Reply-To: References: <9DFC88D3-1300-4DE8-ACBC-4CEF84399A53@enterprisedb.com> <6BB4451E-7B1B-474C-BD1F-DB7531E720C6@enterprisedb.com> <6A2B0FF6-CC86-48CE-B0D3-5401AA5CFEA9@enterprisedb.com> <1BB0A553-3FE9-4A91-A975-6F9D8C157FBD@enterprisedb.com> <7C62876F-5D19-4B5C-96AC-5590B10A49B2@enterprisedb.com> <66f55a6b9ff7bdd6bfd0d05e8fd8351690e69e23.camel@j-davis.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5-0ubuntu0.18.04.2 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu, 2021-11-25 at 09:51 +0530, Amit Kapila wrote: > Won't it be better to just check if the current user is superuser > before applying each change as a matter of this first patch? Sorry, I > was under impression that first, we want to close the current gap > where we allow to proceed with replication if the user's superuser > privileges were revoked during replication. That could be a first step, and I don't oppose it. But it seems like a very small first step that would be made obsolete when v3-0001 is ready, which I think will be very soon. > To allow non-superusers > owners, I thought it might be better to first try to detect the > change > of ownership In the case of revoked superuser privileges, there's no change in ownership, just a change of privileges (SUPERUSER -> NOSUPERUSER). And if we're detecting a change of privileges, why not just do it in something closer to the right way, which is what v3-0001 is attempting to do. > as soon as possible instead of at the transaction > boundary. I don't understand why it's important to detect a loss of privileges faster than a transaction boundary. Can you elaborate? Regards, Jeff Davis