Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1waLtt-001juV-13 for pgsql-hackers@arkaria.postgresql.org; Thu, 18 Jun 2026 23:11:57 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1waLtr-00DyfA-0X for pgsql-hackers@arkaria.postgresql.org; Thu, 18 Jun 2026 23:11:55 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1waLtq-00Dyev-0u for pgsql-hackers@lists.postgresql.org; Thu, 18 Jun 2026 23:11:54 +0000 Received: from fhigh-a2-smtp.messagingengine.com ([103.168.172.153]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1waLto-0000000138N-2fUu for pgsql-hackers@lists.postgresql.org; Thu, 18 Jun 2026 23:11:53 +0000 Received: from phl-compute-05.internal (phl-compute-05.internal [10.202.2.45]) by mailfhigh.phl.internal (Postfix) with ESMTP id 08108140003D; Thu, 18 Jun 2026 19:11:51 -0400 (EDT) Received: from phl-imap-15 ([10.202.2.104]) by phl-compute-05.internal (MEProxy); Thu, 18 Jun 2026 19:11:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=partin.io; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1781824311; x=1781910711; bh=eG9vqHt9uPQ6Usakb2y6zvmUlTY8zFkZWjx5IvuOQhw=; b= Lhf0MLftPU/wMAhAAl5HoWkEfbyeqiLhigTe6GbnAKfc7WOU2rp/ObWUMBSvQbSi H4HI0HEL0qqguuhrtr4y3ZBOlx2FIGBthdp3b43W6LcVL5W4G6/n9s9KajptznA2 ddPegBeRjS5JCnbq8StEpb0l9svqSyj0f4SjDzGnuujA4yprm9wkwt8mtaVC5sRJ 2kdezNnziRbSDGBCPztmoi1QLNVjt9j9DQ689azGWnUrvF/thQ4LgcbVfh2eP+wG 6W7hcEbozvX92RBjOrZVHxr6gZGrkiqQiiZ3Thv9+0QBCB8T0ltZFzamd27Z0qJY 9xOEzX7jP1pDlQIy3ClJsg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1781824311; x= 1781910711; bh=eG9vqHt9uPQ6Usakb2y6zvmUlTY8zFkZWjx5IvuOQhw=; b=J tEfK1j+r0D38Q/lbG6W3Hjh0SrmjVAtUVskRlnlrfUwVHqmR4mV72AZpO+e+6D8b XRByChlufHWyGj3t7EKBAjD+kDX279MYP1FMc45FrjZuz019h4YFzB+ubZ/+Sr4Y bh2GyXTOp/8SnhXq8yvYl1/tlW4w/oTBJVC3xmsU8Q0zKd/MYCPGOI1R3ujIdTwO d1BPNSh8ydudrbSIUYORV4d0CCWJ3WYZ+UGKTJwXWy9QttKgMM3yuiCpfwDHdwDv 7iAh52eytCjFIYjixAfiGTJ9a80zQKUQ3N3vAJb6IHOVZQrB/VaIiOfEUVhNyVOP 6wtOkQ/+fubNxsWoTYBXA== X-ME-Sender: X-ME-Proxy-Cause: dmFkZTFGqH3mSzK6rs4Omp7GXNAqnw59cQEyfDTWdssTpMB2v31o0k1GwFeeo38Ic+cGvY hV4f58soQIBcBqEr4QaUit2tabwNIMhr9BpgzTCKESpnm8LhvX54Brl5L/feCA/UuS9M9M 0thxtA6oE/Ojkqp2hzK5DxynsAA9TEewicw4btssiRBq9vFqH6FqcUr0aW9vpCiOwMXDa+ Nyu4Qmg0ILuiLYfKG8VMWyxGBFN3eKLUoUNTIps+8BI9D8zvJFs3qi90jx0JLD3IyMDLGz FrtKr5o8KMOuyXFnlk2/LWi/3xtk8ZywHzVack7Hf7J/FHHvQP3pyrkuQ1DjxfUe+sOAqv EKGSJTNudV73LpnYalz7zTM0sf+F3W8H9YUSmvoC3FJNniNLW/GBClkmvwmSSis/K+0prz dT1iPj1m6SYJzUDQST66P7LEH3kXQcmmc51g8liagtL7B8A8DgTPludPO602FX2ZKVf18F hiDEhPgL8y7XBx5Fg6SXk1DQQGXn36xZ1N+LaWIaIqpbizyYIjY+/rrBKzXMRumACRt/eu uikj45mJaO8sgNjdObCmnOMI6JhUyfVoRYb/tLJ8dBY+wxRCdW5Ze1D/+ZxdUGHrN2g8+r SAeucGuhCBQUXzRCVFgdiHiibEDQcaqCUKV/QXCK/QlfWRHXbcY0y2byH/Nw X-ME-Proxy: Feedback-ID: idd01497b:Fastmail Received: by mailuser.phl.internal (Postfix, from userid 501) id 7D5CA7808F3; Thu, 18 Jun 2026 19:11:50 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Thu, 18 Jun 2026 23:11:48 +0000 Message-Id: Cc: "PostgreSQL Hackers" Subject: Re: Fix publisher-side sequence permission reporting To: "Fujii Masao" From: "Tristan Partin" X-Mailer: aerc 0.21.0 References: In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi Masao-san, On Thu Jun 18, 2026 at 10:36 AM CDT, Fujii Masao wrote: > Hi, > > While testing logical replication sequence synchronization, I found > that a publisher-side permission problem can be reported as a > misleading "missing sequence on publisher" warning. > > The issue can be reproduced as follows: > > 1. On the publisher: > > CREATE SEQUENCE myseq; > CREATE PUBLICATION mypub FOR ALL SEQUENCES; > CREATE ROLE foo LOGIN REPLICATION NOSUPERUSER; > > 2. On the subscriber: > > CREATE SEQUENCE myseq; > CREATE SUBSCRIPTION mysub > CONNECTION 'user=3Dfoo dbname=3Dpostgres ...' > PUBLICATION mypub; > > The subscriber currently emits: > > WARNING: missing sequence on publisher ("public.myseq") > > even though the sequence still exists on the publisher. The real > problem is that the replication connection lacks SELECT privilege to > read the sequence data. > > The cause is that; sequence synchronization obtains sequence data using > pg_get_sequence_data(). When the user lacks SELECT privilege on > the sequence, pg_get_sequence_data() returns a row containing all NULL > values. Sequence synchronization currently treats that the same as > a missing sequence, so publisher-side permission failures and > genuinely missing sequences are not distinguished, leading to > the misleading warning. > > Patch 0001 fixes this by distinguishing the two cases during sequence > synchronization. It checks whether the replication connection has the > required privilege for each published sequence and reports > publisher-side permission failures separately. The patch looks good to me! I had one suggestion: > ########## > # Ensure that insufficient privileges on the publisher for a sequence do= not > -# disrupt the subscriber. The subscriber should log a warning and contin= ue > -# retrying. > +# get misreported as a missing sequence. The subscriber should log a war= ning > +# and continue retrying. > ########## I think a better comment might be: Ensure that insufficient privileges on the publisher for a sequence=20 are reported correctly... My reasoning for suggesting that is because your comment would to=20 indicate that any warning is accurate as long as it isn't related to=20 a missing sequence. The API for pg_get_sequence_data() is very _interesting_. Overloading=20 the NULLs row to mean many things is a bit strange. I'm not sure what=20 a better solution would be. Just thought I would mention that. > While working on this, I also noticed that the documented privilege > requirement for pg_get_sequence_data() does not match the > implementation. The documentation says that USAGE or SELECT privilege > is sufficient, but the implementation requires SELECT. > > Patch 0002 updates the documentation to match the current behavior. > > I chose to update the documentation rather than broaden the > implementation for two reasons. > > First, commit c8b06bb969b, which introduced the predecessor of > pg_get_sequence_data(), described it as a substitute for SELECT > from a sequence, and its implementation has always required > SELECT privilege. > > Second, the logical replication documentation already states that > replicating sequence data requires SELECT privilege. Your reasoning for updating the documentation makes sense, and the patch=20 you submitted achieves the stated goal. --=20 Tristan Partin PostgreSQL Contributors Team AWS (https://aws.amazon.com)