Re: superuser() shortcuts - Mailing list pgsql-hackers
| From | Andres Freund |
|---|---|
| Subject | Re: superuser() shortcuts |
| Date | |
| Msg-id | 20141120220341.GA25784@alap3.anarazel.de Whole thread Raw |
| In response to | Re: superuser() shortcuts (Adam Brightwell <adam.brightwell@crunchydatasolutions.com>) |
| Responses |
Re: superuser() shortcuts
|
| List | pgsql-hackers |
On 2014-11-05 17:10:17 -0500, Adam Brightwell wrote:
> Attached is two separate patches to address previous
> comments/recommendations:
>
> * superuser-cleanup-shortcuts_11-5-2014.patch
> * has_privilege-cleanup_11-5-2014.patch
>
> -Adam
>
> --
> Adam Brightwell - adam.brightwell@crunchydatasolutions.com
> Database Engineer - www.crunchydatasolutions.com
> diff --git a/contrib/test_decoding/expected/permissions.out b/contrib/test_decoding/expected/permissions.out
> new file mode 100644
> index 212fd1d..f011955
> *** a/contrib/test_decoding/expected/permissions.out
> --- b/contrib/test_decoding/expected/permissions.out
> *************** RESET ROLE;
> *** 54,66 ****
> -- plain user *can't* can control replication
> SET ROLE lr_normal;
> SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
> ! ERROR: must be superuser or replication role to use replication slots
> INSERT INTO lr_test VALUES('lr_superuser_init');
> ERROR: permission denied for relation lr_test
> SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0',
'skip-empty-xacts','1');
> ! ERROR: must be superuser or replication role to use replication slots
> SELECT pg_drop_replication_slot('regression_slot');
> ! ERROR: must be superuser or replication role to use replication slots
> RESET ROLE;
> -- replication users can drop superuser created slots
> SET ROLE lr_superuser;
> --- 54,69 ----
> -- plain user *can't* can control replication
> SET ROLE lr_normal;
> SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
> ! ERROR: permission denied to use replication slots
> ! HINT: You must be superuser or replication role to use replication slots.
> INSERT INTO lr_test VALUES('lr_superuser_init');
> ERROR: permission denied for relation lr_test
> SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0',
'skip-empty-xacts','1');
> ! ERROR: permission denied to use replication slots
> ! HINT: You must be superuser or replication role to use replication slots.
> SELECT pg_drop_replication_slot('regression_slot');
> ! ERROR: permission denied to use replication slots
> ! HINT: You must be superuser or replication role to use replication slots.
> RESET ROLE;
> -- replication users can drop superuser created slots
> SET ROLE lr_superuser;
I still think this change makes the error message more verbose, without
any win in clarity.
Greetings,
Andres Freund
-- Andres Freund http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services
pgsql-hackers by date: