privilege in the database.
</para>
+ <para>
+ To add tables to a publication, the user must have ownership rights on the
+ table. To create a publication that publishes all tables automatically,
+ the user must be a superuser.
+ </para>
+
<para>
To create a subscription, the user must be a superuser.
</para>
</para>
<para>
- To add a table to a publication, the invoking user must have
- <command>SELECT</command> privilege on given table. The
- <command>FOR ALL TABLES</command> clause requires superuser.
+ To add a table to a publication, the invoking user must have ownership
+ rights on the table. The <command>FOR ALL TABLES</command> clause requires
+ the invoking user to be a superuser.
</para>
<para>
-- PUBLICATION
--
CREATE ROLE regress_publication_user LOGIN SUPERUSER;
+CREATE ROLE regress_publication_user2;
CREATE ROLE regress_publication_user_dummy LOGIN NOSUPERUSER;
SET SESSION AUTHORIZATION 'regress_publication_user';
CREATE PUBLICATION testpub_default;
"testpib_ins_trunct"
"testpub_fortbl"
+-- permissions
+SET ROLE regress_publication_user2;
+CREATE PUBLICATION testpub2; -- fail
+ERROR: permission denied for database regression
+SET ROLE regress_publication_user;
+GRANT CREATE ON DATABASE regression TO regress_publication_user2;
+SET ROLE regress_publication_user2;
+CREATE PUBLICATION testpub2; -- ok
+ALTER PUBLICATION testpub2 ADD TABLE testpub_tbl1; -- fail
+ERROR: must be owner of relation testpub_tbl1
+SET ROLE regress_publication_user;
+GRANT regress_publication_user TO regress_publication_user2;
+SET ROLE regress_publication_user2;
+ALTER PUBLICATION testpub2 ADD TABLE testpub_tbl1; -- ok
+DROP PUBLICATION testpub2;
+SET ROLE regress_publication_user;
+REVOKE CREATE ON DATABASE regression FROM regress_publication_user2;
DROP VIEW testpub_view;
DROP TABLE testpub_tbl1;
\dRp+ testpub_default
DROP SCHEMA pub_test CASCADE;
NOTICE: drop cascades to table pub_test.testpub_nopk
RESET SESSION AUTHORIZATION;
-DROP ROLE regress_publication_user;
+DROP ROLE regress_publication_user, regress_publication_user2;
DROP ROLE regress_publication_user_dummy;
-- PUBLICATION
--
CREATE ROLE regress_publication_user LOGIN SUPERUSER;
+CREATE ROLE regress_publication_user2;
CREATE ROLE regress_publication_user_dummy LOGIN NOSUPERUSER;
SET SESSION AUTHORIZATION 'regress_publication_user';
\d+ testpub_tbl1
+-- permissions
+SET ROLE regress_publication_user2;
+CREATE PUBLICATION testpub2; -- fail
+
+SET ROLE regress_publication_user;
+GRANT CREATE ON DATABASE regression TO regress_publication_user2;
+SET ROLE regress_publication_user2;
+CREATE PUBLICATION testpub2; -- ok
+
+ALTER PUBLICATION testpub2 ADD TABLE testpub_tbl1; -- fail
+
+SET ROLE regress_publication_user;
+GRANT regress_publication_user TO regress_publication_user2;
+SET ROLE regress_publication_user2;
+ALTER PUBLICATION testpub2 ADD TABLE testpub_tbl1; -- ok
+
+DROP PUBLICATION testpub2;
+
+SET ROLE regress_publication_user;
+REVOKE CREATE ON DATABASE regression FROM regress_publication_user2;
+
DROP VIEW testpub_view;
DROP TABLE testpub_tbl1;
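Review bot: The `ALTER PUBLICATION testpub2 ADD TABLE testpub_tbl1; -- fail` case runs while regress_publication_user2 holds no privilege at all on the table, so it would presumably also have failed under the old SELECT-privilege rule and does not pin the switch to ownership. Running `GRANT SELECT ON testpub_tbl1 TO regress_publication_user2;` as regress_publication_user before that statement would show that SELECT alone is no longer enough to publish a table. The block also has no negative case for the superuser requirement, for example `CREATE PUBLICATION testpub3 FOR ALL TABLES; -- fail` (publication name constructed here) once the CREATE grant is in place, unless that is covered outside the visible lines. Either addition needs matching statements and ERROR lines in the expected-output hunk that mirrors this one.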
DROP SCHEMA pub_test CASCADE;
RESET SESSION AUTHORIZATION;
-DROP ROLE regress_publication_user;
+DROP ROLE regress_publication_user, regress_publication_user2;
DROP ROLE regress_publication_user_dummy;