Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mq2eY-00044a-Hg for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Nov 2021 00:30:18 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1mq2eV-0001KG-MZ for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Nov 2021 00:30:15 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mq2eV-0001K7-9L for pgsql-hackers@lists.postgresql.org; Thu, 25 Nov 2021 00:30:15 +0000 Received: from mail-pf1-x42f.google.com ([2607:f8b0:4864:20::42f]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1mq2eQ-0003bD-Ol for pgsql-hackers@postgresql.org; Thu, 25 Nov 2021 00:30:14 +0000 Received: by mail-pf1-x42f.google.com with SMTP id x131so4174931pfc.12 for ; Wed, 24 Nov 2021 16:30:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=j-davis-com.20210112.gappssmtp.com; s=20210112; h=message-id:subject:from:to:cc:date:in-reply-to:references :mime-version:content-transfer-encoding; bh=20661aLYqgnJww3xNNPAV+Kd+UJUS4mor1cKp1SLrlU=; b=yaZ0H8wve0fPT4RMFBEZnzgBbF6/SAmviEkEFfg/STyZW42SUJ/8R70iYjOIQ6YGDX ETqxFne9U02QSMrlijI8mumaykU135OQ+oSF7UGdeDsOANhEORL9mF+SmzZdXRwgdhdo 7lNmFVd5UEyW4YZOCoiATPVHcbiMU9xql/HH09i5mRKcDydA7fH+tJpj3XkrjqvVOUxJ WUrFzu4RzE9sT1hpLAmj7HpdwDidA/eLjiCI45ViW5URLCFL+RkkWwiWZijQSHA+wHwp rQjdPPj/KEaMVU2MdmZl73Xy8bPuwTywrRkFbiJyOejOQ84a8Jww4bkW51xnxCICVeSX TBAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:mime-version:content-transfer-encoding; bh=20661aLYqgnJww3xNNPAV+Kd+UJUS4mor1cKp1SLrlU=; b=IjnKKVFS/QG7q+4/plcUNuni5pIHBzR/DxWAlXkeBCGUdBKRdHYV+/8s3tbsiTe3Of jdemLLr+GSVdF37Dhr8yhAlpyzWBIUfg8i1T26HUxYYTNlb8gpSaf09zpK+Rh9N0vGym XT00+KkYay+d6Ny+Bgdzk0JHE+Fod5k7vPQf5fG0iWivovlYnVskWmBN4u46UiP9clzk wgpWN/F4TV+8PJ+OHm5hYDAjb5a7k5tzjFbayPaJ5QFUw41fcCVvnFVxqX1LerdFG3fN rlV4stxMMXW0fLeENzPLw3RNs4FqW/MsrY/XAJbvWzO8mHI2INrjElN7sEv3wAtMYyE+ rZxQ== X-Gm-Message-State: AOAM532bl3m/4ui/BeoZNL2+wDn5SZ3ItpmzRQjRmKHVQC6NlZIiB80e Fc2U2Q97mNprxyz3nQ4viwZVWw== X-Google-Smtp-Source: ABdhPJxvo5MgkA21MIdDejZ80yvQdG0c+hTh1Td83uTFFD8auUtg3py4gVlpj1dnl2nIDgc3YUPFBg== X-Received: by 2002:a05:6a00:1489:b0:49f:daa8:c727 with SMTP id v9-20020a056a00148900b0049fdaa8c727mr10626187pfu.56.1637800209160; Wed, 24 Nov 2021 16:30:09 -0800 (PST) Received: from jdavis.lan (c-73-231-146-4.hsd1.ca.comcast.net. [73.231.146.4]) by smtp.gmail.com with ESMTPSA id y8sm908985pfi.56.2021.11.24.16.30.07 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 24 Nov 2021 16:30:08 -0800 (PST) Message-ID: <66f55a6b9ff7bdd6bfd0d05e8fd8351690e69e23.camel@j-davis.com> Subject: Re: Non-superuser subscription owners From: Jeff Davis To: Mark Dilger , Amit Kapila Cc: Andrew Dunstan , PostgreSQL-development , Robert Haas Date: Wed, 24 Nov 2021 16:30:06 -0800 In-Reply-To: <7C62876F-5D19-4B5C-96AC-5590B10A49B2@enterprisedb.com> References: <9DFC88D3-1300-4DE8-ACBC-4CEF84399A53@enterprisedb.com> <6BB4451E-7B1B-474C-BD1F-DB7531E720C6@enterprisedb.com> <6A2B0FF6-CC86-48CE-B0D3-5401AA5CFEA9@enterprisedb.com> <1BB0A553-3FE9-4A91-A975-6F9D8C157FBD@enterprisedb.com> <7C62876F-5D19-4B5C-96AC-5590B10A49B2@enterprisedb.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5-0ubuntu0.18.04.2 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, 2021-11-19 at 16:45 -0800, Mark Dilger wrote: > Renamed as 0001 in version 3, as it is the only remaining patch. For > anyone who reviewed the older patch set, please note that I made some > changes to the src/test/subscription/t/026_nosuperuser.pl test case > relative to the prior version. We need to do permission checking for WITH CHECK OPTION and RLS. The patch right now allows the subscription to write data that an RLS policy forbids. A couple other points: * We shouldn't refer to the behavior of previous versions in the docs unless there's a compelling reason * Do we need to be smarter about partitioned tables, where an insert can turn into an update? * Should we refactor to borrow logic from ExecInsert so that it's less likely that we miss something in the future? Regards, Jeff Davis