Commit84387fc

committed

doc: Add note about lack of publication privileges

This gives some additional advice on using row filters and columnlists on publications securely.Author: Antonin Houska <ah@cybertec.at>Reviewed-by: Euler Taveira <euler@eulerto.com>Discussion:https://www.postgresql.org/message-id/flat/20330.1652105397@antos

1 parent2ea5de2 commit84387fcCopy full SHA for 84387fc

File tree

+11

-0

lines changed

+11

-0

lines changed

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1570,6 +1570,17 @@ CONTEXT: processing remote data for replication origin "pg_16395" during "INSER`
`1570`	`1570`	`schema automatically, the user must be a superuser.`
`1571`	`1571`	`</para>`
`1572`	`1572`
	`1573`	`+ <para>`
	`1574`	`+ There are currently no privileges on publications. Any subscription (that`
	`1575`	`+ is able to connect) can access any publication. Thus, if you intend to`
	`1576`	`+ hide some information from particular subscribers, such as by using row`
	`1577`	`+ filters or column lists, or by not adding the whole table to the`
	`1578`	`+ publication, be aware that other publications in the same database could`
	`1579`	`+ expose the same information. Publication privileges might be added to`
	`1580`	`+ <productname>PostgreSQL</productname> in the future to allow for`
	`1581`	`+ finer-grained access control.`
	`1582`	`+ </para>`
	`1583`	`+`
`1573`	`1584`	`<para>`
`1574`	`1585`	`To create a subscription, the user must be a superuser.`
`1575`	`1586`	`</para>`

Comments

(0)