NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit9b8aff8

committed

Add REPLICATION privilege for ROLEs

This privilege is required to do Streaming Replication, instead ofsuperuser, making it possible to set up a SR slave that doesn'thave write permissions on the master.Superuser privileges do NOT override this check, so in order touse the default superuser account for replication it must beexplicitly granted the REPLICATION permissions. This is backwardsincompatible change, in the interest of higher default security.

1 parentf2ba1e9 commit9b8aff8Copy full SHA for 9b8aff8

File tree

19 files changed

+189

-32

lines changed

doc/src/sgml
src
- backend
  - access/transam
    - xlog.c
  - catalog
    - system_views.sql
  - commands
    - user.c
  - parser
    - gram.y
  - utils/init
    - miscinit.c
    - postinit.c
- bin
  - pg_dump
    - pg_dumpall.c
  - psql
    - describe.c
- include
  - catalog
    - pg_authid.h
  - miscadmin.h
  - parser
    - kwlist.h
- test/regress/expected
  - rules.out

19 files changed

+189

-32

lines changed

`‎doc/src/sgml/catalogs.sgml‎`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1235,6 +1235,17 @@`
`1235`	`1235`	`</entry>`
`1236`	`1236`	`</row>`
`1237`	`1237`
	`1238`	`+ <row>`
	`1239`	`+ <entry><structfield>rolreplication</structfield></entry>`
	`1240`	`+ <entry><type>bool</type></entry>`
	`1241`	`+ <entry>`
	`1242`	`+ Role is a replication role. That is, this role can initiate streaming`
	`1243`	`+ replication (see <xref linkend="streaming-replication">) and set/unset`
	`1244`	`+ the system backup mode using <function>pg_start_backup</> and`
	`1245`	`+ <function>pg_stop_backup</>.`
	`1246`	`+ </entry>`
	`1247`	`+ </row>`
	`1248`	`+`
`1238`	`1249`	`<row>`
`1239`	`1250`	`<entry><structfield>rolconnlimit</structfield></entry>`
`1240`	`1251`	`<entry><type>int4</type></entry>`

`‎doc/src/sgml/func.sgml‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -13969,14 +13969,14 @@ SELECT set_config('log_statement_stats', 'off', false);`
`13969`	`13969`	`<literal><function>pg_start_backup(<parameter>label</> <type>text</> <optional>, <parameter>fast</> <type>boolean</> </optional>)</function></literal>`
`13970`	`13970`	`</entry>`
`13971`	`13971`	`<entry><type>text</type></entry>`
`13972`		`- <entry>Prepare for performing on-line backup (restricted to superusers)</entry>`
	`13972`	`+ <entry>Prepare for performing on-line backup (restricted to superusers or replication roles)</entry>`
`13973`	`13973`	`</row>`
`13974`	`13974`	`<row>`
`13975`	`13975`	`<entry>`
`13976`	`13976`	`<literal><function>pg_stop_backup()</function></literal>`
`13977`	`13977`	`</entry>`
`13978`	`13978`	`<entry><type>text</type></entry>`
`13979`		`- <entry>Finish performing on-line backup (restricted to superusers)</entry>`
	`13979`	`+ <entry>Finish performing on-line backup (restricted to superusers or replication roles)</entry>`
`13980`	`13980`	`</row>`
`13981`	`13981`	`<row>`
`13982`	`13982`	`<entry>`

`‎doc/src/sgml/high-availability.sgml‎`

Lines changed: 20 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -636,8 +636,8 @@ protocol to make nodes agree on a serializable transactional order.`
`636`	`636`	`<para>`
`637`	`637`	`If you want to use streaming replication, set up authentication on the`
`638`	`638`	`primary server to allow replication connections from the standby`
`639`		`- server(s); that is, provide a suitable entry or entries in`
`640`		`- <filename>pg_hba.conf</> with the database field set to`
	`639`	`+ server(s); that is,create a role andprovide a suitable entry or`
	`640`	`+entries in<filename>pg_hba.conf</> with the database field set to`
`641`	`641`	`<literal>replication</>. Also ensure <varname>max_wal_senders</> is set`
`642`	`642`	`to a sufficiently large value in the configuration file of the primary`
`643`	`643`	`server.`
`@@ -796,15 +796,28 @@ archive_cleanup_command = 'pg_archivecleanup /path/to/archive %r'`
`796`	`796`	`It is very important that the access privileges for replication be set up`
`797`	`797`	`so that only trusted users can read the WAL stream, because it is`
`798`	`798`	`easy to extract privileged information from it. Standby servers must`
`799`		`- authenticate to the primary as a superuser account.`
`800`		`- So a role with the <literal>SUPERUSER</> and <literal>LOGIN</>`
`801`		`- privileges needs to be created on the primary.`
	`799`	`+ authenticate to the primary as an account that has the`
	`800`	`+ <literal>REPLICATION</> privilege. So a role with the`
	`801`	`+ <literal>REPLICATION</> and <literal>LOGIN</> privileges needs to be`
	`802`	`+ created on the primary.`
`802`	`803`	`</para>`
	`804`	`+`
	`805`	`+ <note>`
	`806`	`+ <para>`
	`807`	`+ It is recommended that a dedicated user account is used for replication.`
	`808`	`+ While it is possible to add the <literal>REPLICATION</> privilege to`
	`809`	`+ a superuser account for the purporses of replication, this is not`
	`810`	`+ recommended. While <literal>REPLICATION</> privilege gives very high`
	`811`	`+ permissions, it does not allow the user to modify any data on the`
	`812`	`+ primary system, which the <literal>SUPERUSER</> privilege does.`
	`813`	`+ </para>`
	`814`	`+ </note>`
	`815`	`+`
`803`	`816`	`<para>`
`804`	`817`	`Client authentication for replication is controlled by a`
`805`	`818`	`<filename>pg_hba.conf</> record specifying <literal>replication</> in the`
`806`	`819`	`<replaceable>database</> field. For example, if the standby is running on`
`807`		`- host IP <literal>192.168.1.100</> and thesuperuser's name for replication`
	`820`	`+ host IP <literal>192.168.1.100</> and theaccount name for replication`
`808`	`821`	`is <literal>foo</>, the administrator can add the following line to the`
`809`	`822`	`<filename>pg_hba.conf</> file on the primary:`
`810`	`823`
`@@ -823,7 +836,7 @@ host replication foo 192.168.1.100/32 md5`
`823`	`836`	`standby (specify <literal>replication</> in the <replaceable>database</>`
`824`	`837`	`field).`
`825`	`838`	`For example, if the primary is running on host IP <literal>192.168.1.50</>,`
`826`		`- port <literal>5432</literal>, thesuperuser's name for replication is`
	`839`	`+ port <literal>5432</literal>, theaccount name for replication is`
`827`	`840`	`<literal>foo</>, and the password is <literal>foopass</>, the administrator`
`828`	`841`	`can add the following line to the <filename>recovery.conf</> file on the`
`829`	`842`	`standby:`

`‎doc/src/sgml/ref/alter_role.sgml‎`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@ ALTER ROLE <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replace`
`31`	`31`	`\| CREATEUSER \| NOCREATEUSER`
`32`	`32`	`\| INHERIT \| NOINHERIT`
`33`	`33`	`\| LOGIN \| NOLOGIN`
	`34`	`+ \| REPLICATION \| NOREPLICATION`
`34`	`35`	`\| CONNECTION LIMIT <replaceable class="PARAMETER">connlimit</replaceable>`
`35`	`36`	`\| [ ENCRYPTED \| UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'`
`36`	`37`	`\| VALID UNTIL '<replaceable class="PARAMETER">timestamp</replaceable>'`
`@@ -63,7 +64,7 @@ ALTER ROLE <replaceable class="PARAMETER">name</replaceable> [ IN DATABASE <repl`
`63`	`64`	`Attributes not mentioned in the command retain their previous settings.`
`64`	`65`	`Database superusers can change any of these settings for any role.`
`65`	`66`	`Roles having <literal>CREATEROLE</> privilege can change any of these`
`66`		`- settings, but only for non-superuser roles.`
	`67`	`+ settings, but only for non-superuserand non-replicationroles.`
`67`	`68`	`Ordinary roles can only change their own password.`
`68`	`69`	`</para>`
`69`	`70`
`@@ -127,6 +128,8 @@ ALTER ROLE <replaceable class="PARAMETER">name</replaceable> [ IN DATABASE <repl`
`127`	`128`	`<term><literal>NOINHERIT</literal></term>`
`128`	`129`	`<term><literal>LOGIN</literal></term>`
`129`	`130`	`<term><literal>NOLOGIN</literal></term>`
	`131`	`+ <term><literal>REPLICATION</literal></term>`
	`132`	`+ <term><literal>NOREPLICATION</literal></term>`
`130`	`133`	`<term><literal>CONNECTION LIMIT</literal> <replaceable class="parameter">connlimit</replaceable></term>`
`131`	`134`	`<term><literal>PASSWORD</> <replaceable class="parameter">password</replaceable></term>`
`132`	`135`	`<term><literal>ENCRYPTED</></term>`

`‎doc/src/sgml/ref/alter_user.sgml‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@ ALTER USER <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replace`
`31`	`31`	`\| CREATEUSER \| NOCREATEUSER`
`32`	`32`	`\| INHERIT \| NOINHERIT`
`33`	`33`	`\| LOGIN \| NOLOGIN`
	`34`	`+ \| REPLICATION \| NOREPLICATION`
`34`	`35`	`\| CONNECTION LIMIT <replaceable class="PARAMETER">connlimit</replaceable>`
`35`	`36`	`\| [ ENCRYPTED \| UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'`
`36`	`37`	`\| VALID UNTIL '<replaceable class="PARAMETER">timestamp</replaceable>'`

`‎doc/src/sgml/ref/create_role.sgml‎`

Lines changed: 16 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@ CREATE ROLE <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replac`
`31`	`31`	`\| CREATEUSER \| NOCREATEUSER`
`32`	`32`	`\| INHERIT \| NOINHERIT`
`33`	`33`	`\| LOGIN \| NOLOGIN`
	`34`	`+ \| REPLICATION \| NOREPLICATION`
`34`	`35`	`\| CONNECTION LIMIT <replaceable class="PARAMETER">connlimit</replaceable>`
`35`	`36`	`\| [ ENCRYPTED \| UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'`
`36`	`37`	`\| VALID UNTIL '<replaceable class="PARAMETER">timestamp</replaceable>'`
`@@ -174,6 +175,21 @@ CREATE ROLE <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replac`
`174`	`175`	`</listitem>`
`175`	`176`	`</varlistentry>`
`176`	`177`
	`178`	`+ <varlistentry>`
	`179`	`+ <term><literal>REPLICATION</literal></term>`
	`180`	`+ <term><literal>NOREPLICATION</literal></term>`
	`181`	`+ <listitem>`
	`182`	`+ <para>`
	`183`	`+ These clauses determine whether a role is allowed to initiate`
	`184`	`+ streaming replication or put the system in and out of backup mode.`
	`185`	`+ A role having the <literal>REPLICATION</> attribute is a very`
	`186`	`+ highly privileged role, and should only be used on roles actually`
	`187`	`+used for replication. If not specified,`
	`188`	`+ <literal>NOREPLICATION</literal> is the default.`
	`189`	`+ </para>`
	`190`	`+ </listitem>`
	`191`	`+ </varlistentry>`
	`192`	`+`
`177`	`193`	`<varlistentry>`
`178`	`194`	`<term><literal>CONNECTION LIMIT</literal> <replaceable class="parameter">connlimit</replaceable></term>`
`179`	`195`	`<listitem>`

`‎doc/src/sgml/ref/create_user.sgml‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@ CREATE USER <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replac`
`31`	`31`	`\| CREATEUSER \| NOCREATEUSER`
`32`	`32`	`\| INHERIT \| NOINHERIT`
`33`	`33`	`\| LOGIN \| NOLOGIN`
	`34`	`+ \| REPLICATION \| NOREPLICATION`
`34`	`35`	`\| CONNECTION LIMIT <replaceable class="PARAMETER">connlimit</replaceable>`
`35`	`36`	`\| [ ENCRYPTED \| UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'`
`36`	`37`	`\| VALID UNTIL '<replaceable class="PARAMETER">timestamp</replaceable>'`

`‎src/backend/access/transam/xlog.c‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -8301,10 +8301,10 @@ pg_start_backup(PG_FUNCTION_ARGS)`
`8301`	`8301`	`structstatstat_buf;`
`8302`	`8302`	`FILE*fp;`
`8303`	`8303`
`8304`		`-if (!superuser())`
	`8304`	`+if (!superuser()&& !is_authenticated_user_replication_role())`
`8305`	`8305`	`ereport(ERROR,`
`8306`	`8306`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`8307`		`-errmsg("must be superuser to run a backup")));`
	`8307`	`+errmsg("must be superuseror replication roleto run a backup")));`
`8308`	`8308`
`8309`	`8309`	`if (RecoveryInProgress())`
`8310`	`8310`	`ereport(ERROR,`
`@@ -8493,10 +8493,10 @@ pg_stop_backup(PG_FUNCTION_ARGS)`
`8493`	`8493`	`intwaits=0;`
`8494`	`8494`	`boolreported_waiting= false;`
`8495`	`8495`
`8496`		`-if (!superuser())`
	`8496`	`+if (!superuser()&& !is_authenticated_user_replication_role())`
`8497`	`8497`	`ereport(ERROR,`
`8498`	`8498`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`8499`		`- (errmsg("must be superuser to run a backup"))));`
	`8499`	`+ (errmsg("must be superuseror replication roleto run a backup"))));`
`8500`	`8500`
`8501`	`8501`	`if (RecoveryInProgress())`
`8502`	`8502`	`ereport(ERROR,`

`‎src/backend/catalog/system_views.sql‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ CREATE VIEW pg_roles AS`
`15`	`15`	`rolcreatedb,`
`16`	`16`	`rolcatupdate,`
`17`	`17`	`rolcanlogin,`
	`18`	`+ rolreplication,`
`18`	`19`	`rolconnlimit,`
`19`	`20`	`'********'::textas rolpassword,`
`20`	`21`	`rolvaliduntil,`
`@@ -30,6 +31,7 @@ CREATE VIEW pg_shadow AS`
`30`	`31`	`rolcreatedbAS usecreatedb,`
`31`	`32`	`rolsuperAS usesuper,`
`32`	`33`	`rolcatupdateAS usecatupd,`
	`34`	`+ rolreplicationAS userepl,`
`33`	`35`	`rolpasswordAS passwd,`
`34`	`36`	`rolvaliduntil::abstimeAS valuntil,`
`35`	`37`	`setconfigAS useconfig`
`@@ -54,6 +56,7 @@ CREATE VIEW pg_user AS`
`54`	`56`	`usecreatedb,`
`55`	`57`	`usesuper,`
`56`	`58`	`usecatupd,`
	`59`	`+ userepl,`
`57`	`60`	`'********'::textas passwd,`
`58`	`61`	`valuntil,`
`59`	`62`	`useconfig`

`‎src/backend/commands/user.c‎`

Lines changed: 46 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,7 @@ CreateRole(CreateRoleStmt *stmt)`
`94`	`94`	`boolcreaterole= false;/* Can this user create roles? */`
`95`	`95`	`boolcreatedb= false;/* Can the user create databases? */`
`96`	`96`	`boolcanlogin= false;/* Can this user login? */`
	`97`	`+boolisreplication= false;/* Is this a replication role? */`
`97`	`98`	`intconnlimit=-1;/* maximum connections allowed */`
`98`	`99`	`Listaddroleto=NIL;/ roles to make this a member of */`
`99`	`100`	`Listrolemembers=NIL;/ roles to be members of this role */`
`@@ -107,6 +108,7 @@ CreateRole(CreateRoleStmt *stmt)`
`107`	`108`	`DefElem*dcreaterole=NULL;`
`108`	`109`	`DefElem*dcreatedb=NULL;`
`109`	`110`	`DefElem*dcanlogin=NULL;`
	`111`	`+DefElem*disreplication=NULL;`
`110`	`112`	`DefElem*dconnlimit=NULL;`
`111`	`113`	`DefElem*daddroleto=NULL;`
`112`	`114`	`DefElem*drolemembers=NULL;`
`@@ -190,6 +192,14 @@ CreateRole(CreateRoleStmt *stmt)`
`190`	`192`	`errmsg("conflicting or redundant options")));`
`191`	`193`	`dcanlogin=defel;`
`192`	`194`	`}`
	`195`	`+elseif (strcmp(defel->defname,"isreplication")==0)`
	`196`	`+{`
	`197`	`+if (disreplication)`
	`198`	`+ereport(ERROR,`
	`199`	`+(errcode(ERRCODE_SYNTAX_ERROR),`
	`200`	`+errmsg("conflicting or redundant options")));`
	`201`	`+disreplication=defel;`
	`202`	`+}`
`193`	`203`	`elseif (strcmp(defel->defname,"connectionlimit")==0)`
`194`	`204`	`{`
`195`	`205`	`if (dconnlimit)`
`@@ -247,6 +257,8 @@ CreateRole(CreateRoleStmt *stmt)`
`247`	`257`	`createdb=intVal(dcreatedb->arg)!=0;`
`248`	`258`	`if (dcanlogin)`
`249`	`259`	`canlogin=intVal(dcanlogin->arg)!=0;`
	`260`	`+if (disreplication)`
	`261`	`+isreplication=intVal(disreplication->arg)!=0;`
`250`	`262`	`if (dconnlimit)`
`251`	`263`	`{`
`252`	`264`	`connlimit=intVal(dconnlimit->arg);`
`@@ -272,6 +284,13 @@ CreateRole(CreateRoleStmt *stmt)`
`272`	`284`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`273`	`285`	`errmsg("must be superuser to create superusers")));`
`274`	`286`	`}`
	`287`	`+elseif (isreplication)`
	`288`	`+{`
	`289`	`+if (!superuser())`
	`290`	`+ereport(ERROR,`
	`291`	`+(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
	`292`	`+errmsg("must be superuser to create replication users")));`
	`293`	`+}`
`275`	`294`	`else`
`276`	`295`	`{`
`277`	`296`	`if (!have_createrole_privilege())`
`@@ -341,6 +360,7 @@ CreateRole(CreateRoleStmt *stmt)`
`341`	`360`	`/* superuser gets catupdate right by default */`
`342`	`361`	`new_record[Anum_pg_authid_rolcatupdate-1]=BoolGetDatum(issuper);`
`343`	`362`	`new_record[Anum_pg_authid_rolcanlogin-1]=BoolGetDatum(canlogin);`
	`363`	`+new_record[Anum_pg_authid_rolreplication-1]=BoolGetDatum(isreplication);`
`344`	`364`	`new_record[Anum_pg_authid_rolconnlimit-1]=Int32GetDatum(connlimit);`
`345`	`365`
`346`	`366`	`if (password)`
`@@ -439,6 +459,7 @@ AlterRole(AlterRoleStmt *stmt)`
`439`	`459`	`intcreaterole=-1;/* Can this user create roles? */`
`440`	`460`	`intcreatedb=-1;/* Can the user create databases? */`
`441`	`461`	`intcanlogin=-1;/* Can this user login? */`
	`462`	`+intisreplication=-1;/* Is this a replication role? */`
`442`	`463`	`intconnlimit=-1;/* maximum connections allowed */`
`443`	`464`	`Listrolemembers=NIL;/ roles to be added/removed */`
`444`	`465`	`charvalidUntil=NULL;/ time the login is valid until */`
`@@ -450,6 +471,7 @@ AlterRole(AlterRoleStmt *stmt)`
`450`	`471`	`DefElem*dcreaterole=NULL;`
`451`	`472`	`DefElem*dcreatedb=NULL;`
`452`	`473`	`DefElem*dcanlogin=NULL;`
	`474`	`+DefElem*disreplication=NULL;`
`453`	`475`	`DefElem*dconnlimit=NULL;`
`454`	`476`	`DefElem*drolemembers=NULL;`
`455`	`477`	`DefElem*dvalidUntil=NULL;`
`@@ -514,6 +536,14 @@ AlterRole(AlterRoleStmt *stmt)`
`514`	`536`	`errmsg("conflicting or redundant options")));`
`515`	`537`	`dcanlogin=defel;`
`516`	`538`	`}`
	`539`	`+elseif (strcmp(defel->defname,"isreplication")==0)`
	`540`	`+{`
	`541`	`+if (disreplication)`
	`542`	`+ereport(ERROR,`
	`543`	`+(errcode(ERRCODE_SYNTAX_ERROR),`
	`544`	`+errmsg("conflicting or redundant options")));`
	`545`	`+disreplication=defel;`
	`546`	`+}`
`517`	`547`	`elseif (strcmp(defel->defname,"connectionlimit")==0)`
`518`	`548`	`{`
`519`	`549`	`if (dconnlimit)`
`@@ -556,6 +586,8 @@ AlterRole(AlterRoleStmt *stmt)`
`556`	`586`	`createdb=intVal(dcreatedb->arg);`
`557`	`587`	`if (dcanlogin)`
`558`	`588`	`canlogin=intVal(dcanlogin->arg);`
	`589`	`+if (disreplication)`
	`590`	`+isreplication=intVal(disreplication->arg);`
`559`	`591`	`if (dconnlimit)`
`560`	`592`	`{`
`561`	`593`	`connlimit=intVal(dconnlimit->arg);`
`@@ -594,12 +626,20 @@ AlterRole(AlterRoleStmt *stmt)`
`594`	`626`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`595`	`627`	`errmsg("must be superuser to alter superusers")));`
`596`	`628`	`}`
	`629`	`+elseif (((Form_pg_authid)GETSTRUCT(tuple))->rolreplication\|\|isreplication >=0)`
	`630`	`+{`
	`631`	`+if (!superuser())`
	`632`	`+ereport(ERROR,`
	`633`	`+(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
	`634`	`+errmsg("must be superuser to alter replication users")));`
	`635`	`+}`
`597`	`636`	`elseif (!have_createrole_privilege())`
`598`	`637`	`{`
`599`	`638`	`if (!(inherit<0&&`
`600`	`639`	`createrole<0&&`
`601`	`640`	`createdb<0&&`
`602`	`641`	`canlogin<0&&`
	`642`	`+isreplication<0&&`
`603`	`643`	`!dconnlimit&&`
`604`	`644`	`!rolemembers&&`
`605`	`645`	`!validUntil&&`
`@@ -685,6 +725,12 @@ AlterRole(AlterRoleStmt *stmt)`
`685`	`725`	`new_record_repl[Anum_pg_authid_rolcanlogin-1]= true;`
`686`	`726`	`}`
`687`	`727`
	`728`	`+if (isreplication >=0)`
	`729`	`+{`
	`730`	`+new_record[Anum_pg_authid_rolreplication-1]=BoolGetDatum(isreplication>0);`
	`731`	`+new_record_repl[Anum_pg_authid_rolreplication-1]= true;`
	`732`	`+}`
	`733`	`+`
`688`	`734`	`if (dconnlimit)`
`689`	`735`	`{`
`690`	`736`	`new_record[Anum_pg_authid_rolconnlimit-1]=Int32GetDatum(connlimit);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit9b8aff8

File tree

19 files changed

19 files changed

`‎doc/src/sgml/catalogs.sgml‎`

`‎doc/src/sgml/func.sgml‎`

`‎doc/src/sgml/high-availability.sgml‎`

`‎doc/src/sgml/ref/alter_role.sgml‎`

`‎doc/src/sgml/ref/alter_user.sgml‎`

`‎doc/src/sgml/ref/create_role.sgml‎`

`‎doc/src/sgml/ref/create_user.sgml‎`

`‎src/backend/access/transam/xlog.c‎`

`‎src/backend/catalog/system_views.sql‎`

`‎src/backend/commands/user.c‎`

0 commit comments