On Tue, May 25, 2021 at 01:33:54PM -0700, Mark Dilger wrote:
> v3-0001 adds a new pg_logical_replication role with permission to manage publications and subscriptions.
> v3-0004 adds a new pg_database_security role with permission to perform many
> actions that would otherwise require superuser, so long as those actions do
> not compromise the security of the host or network. This role, along with
> pg_logical_replication, is intended to be safe to delegate to the tenant of
> a database provided as a service.
pg_logical_replication would not be safe to delegate that way:
https://postgr.es/m/flat/CACqFVBbx6PDq%2B%3DvHM0n78kHzn8tvOM-kGO_2q_q0zNAMT%2BTzdA%40mail.gmail.com