Обсуждение: BUG #17377: only superusers can query or manipulate replication origins

Поиск
Список
Период
Сортировка

BUG #17377: only superusers can query or manipulate replication origins

От
PG Bug reporting form
Дата:
The following bug has been logged on the website:

Bug reference:      17377
Logged by:          James Pang
Email address:      chaolpan@cisco.com
PostgreSQL version: 13.4
Operating system:   RHEL8.4
Description:

PG 13.4 on RHEL8.4 ,
  we have a user with REPLICATION for logical replication , try to handle
"replication change loop back" by set replication origin, 

 select pg_replication_origin_create('test');
ERROR:  only superusers can query or manipulate replication origins

 Is it possible to "remove superuser() check" for pg_replication related
functions and view query, we expect any role with replication can
create/drop origin, and roles with pg_monitor can query the progress. 

we tested that PG 14.1 works if we grant execution privileges ,  is it
possible to merge the similar enhancement to Postgresql 13.5 or next minor
version ? so we can use that in pg13 version. 

Thanks,

James

Re: BUG #17377: only superusers can query or manipulate replication origins

От
Masahiko Sawada
Дата:
On Sat, Jan 22, 2022 at 10:09 PM PG Bug reporting form
<noreply@postgresql.org> wrote:
>
> The following bug has been logged on the website:
>
> Bug reference:      17377
> Logged by:          James Pang
> Email address:      chaolpan@cisco.com
> PostgreSQL version: 13.4
> Operating system:   RHEL8.4
> Description:
>
> PG 13.4 on RHEL8.4 ,
>   we have a user with REPLICATION for logical replication , try to handle
> "replication change loop back" by set replication origin,
>
>  select pg_replication_origin_create('test');
> ERROR:  only superusers can query or manipulate replication origins
>
>  Is it possible to "remove superuser() check" for pg_replication related
> functions and view query, we expect any role with replication can
> create/drop origin, and roles with pg_monitor can query the progress.
>
> we tested that PG 14.1 works if we grant execution privileges ,

Yeah, we removed superuser checks from replication origin functions in PG14.

> is it
> possible to merge the similar enhancement to Postgresql 13.5 or next minor
> version ? so we can use that in pg13 version.

Hmm, I don't think this change will be back-patched since it's not a bug fix.

Regards,

-- 
Masahiko Sawada
EDB:  https://www.enterprisedb.com/