mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add more documentation and tests for publications

Browse Source 
Add/correct documentation and add some tests related to how access
control around adding tables to publications works.
This commit is contained in:
Peter Eisentraut 2017-03-15 13:52:07 -04:00
parent b5dd50f2c0
commit e76db009f0
4 changed files with 51 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/src/sgml/logical-replication.sgml
View File

@ -307,6 +307,12 @@
privilege in the database. privilege in the database.
</para> </para>
<para>
To add tables to a publication, the user must have ownership rights on the
table. To create a publication that publishes all tables automatically,
the user must be a superuser.
</para>
<para> <para>
To create a subscription, the user must be a superuser. To create a subscription, the user must be a superuser.
</para> </para>

6
doc/src/sgml/ref/create_publication.sgml
View File

@ -143,9 +143,9 @@ CREATE PUBLICATION <replaceable class="parameter">name</replaceable>
</para> </para>
<para> <para>
To add a table to a publication, the invoking user must have To add a table to a publication, the invoking user must have ownership
<command>SELECT</command> privilege on given table. The rights on the table. The <command>FOR ALL TABLES</command> clause requires
<command>FOR ALL TABLES</command> clause requires superuser. the invoking user to be a superuser.
</para> </para>
<para> <para>

20
src/test/regress/expected/publication.out
View File

@ -2,6 +2,7 @@
-- PUBLICATION -- PUBLICATION
-- --
CREATE ROLE regress_publication_user LOGIN SUPERUSER; CREATE ROLE regress_publication_user LOGIN SUPERUSER;
CREATE ROLE regress_publication_user2;
CREATE ROLE regress_publication_user_dummy LOGIN NOSUPERUSER; CREATE ROLE regress_publication_user_dummy LOGIN NOSUPERUSER;
SET SESSION AUTHORIZATION 'regress_publication_user'; SET SESSION AUTHORIZATION 'regress_publication_user';
CREATE PUBLICATION testpub_default; CREATE PUBLICATION testpub_default;
@ -140,6 +141,23 @@ Publications:
"testpib_ins_trunct" "testpib_ins_trunct"
"testpub_fortbl" "testpub_fortbl"
-- permissions
SET ROLE regress_publication_user2;
CREATE PUBLICATION testpub2; -- fail
ERROR: permission denied for database regression
SET ROLE regress_publication_user;
GRANT CREATE ON DATABASE regression TO regress_publication_user2;
SET ROLE regress_publication_user2;
CREATE PUBLICATION testpub2; -- ok
ALTER PUBLICATION testpub2 ADD TABLE testpub_tbl1; -- fail
ERROR: must be owner of relation testpub_tbl1
SET ROLE regress_publication_user;
GRANT regress_publication_user TO regress_publication_user2;
SET ROLE regress_publication_user2;
ALTER PUBLICATION testpub2 ADD TABLE testpub_tbl1; -- ok
DROP PUBLICATION testpub2;
SET ROLE regress_publication_user;
REVOKE CREATE ON DATABASE regression FROM regress_publication_user2;
DROP VIEW testpub_view; DROP VIEW testpub_view;
DROP TABLE testpub_tbl1; DROP TABLE testpub_tbl1;
\dRp+ testpub_default \dRp+ testpub_default
@ -168,5 +186,5 @@ DROP PUBLICATION testpub_fortbl;
DROP SCHEMA pub_test CASCADE; DROP SCHEMA pub_test CASCADE;
NOTICE: drop cascades to table pub_test.testpub_nopk NOTICE: drop cascades to table pub_test.testpub_nopk
RESET SESSION AUTHORIZATION; RESET SESSION AUTHORIZATION;
DROP ROLE regress_publication_user; DROP ROLE regress_publication_user, regress_publication_user2;
DROP ROLE regress_publication_user_dummy; DROP ROLE regress_publication_user_dummy;

24
src/test/regress/sql/publication.sql
View File

@ -2,6 +2,7 @@
-- PUBLICATION -- PUBLICATION
-- --
CREATE ROLE regress_publication_user LOGIN SUPERUSER; CREATE ROLE regress_publication_user LOGIN SUPERUSER;
CREATE ROLE regress_publication_user2;
CREATE ROLE regress_publication_user_dummy LOGIN NOSUPERUSER; CREATE ROLE regress_publication_user_dummy LOGIN NOSUPERUSER;
SET SESSION AUTHORIZATION 'regress_publication_user'; SET SESSION AUTHORIZATION 'regress_publication_user';
@ -69,6 +70,27 @@ ALTER PUBLICATION testpub_default DROP TABLE pub_test.testpub_nopk;
\d+ testpub_tbl1 \d+ testpub_tbl1
-- permissions
SET ROLE regress_publication_user2;
CREATE PUBLICATION testpub2; -- fail
SET ROLE regress_publication_user;
GRANT CREATE ON DATABASE regression TO regress_publication_user2;
SET ROLE regress_publication_user2;
CREATE PUBLICATION testpub2; -- ok
ALTER PUBLICATION testpub2 ADD TABLE testpub_tbl1; -- fail
SET ROLE regress_publication_user;
GRANT regress_publication_user TO regress_publication_user2;
SET ROLE regress_publication_user2;
ALTER PUBLICATION testpub2 ADD TABLE testpub_tbl1; -- ok
DROP PUBLICATION testpub2;
SET ROLE regress_publication_user;
REVOKE CREATE ON DATABASE regression FROM regress_publication_user2;
DROP VIEW testpub_view; DROP VIEW testpub_view;
DROP TABLE testpub_tbl1; DROP TABLE testpub_tbl1;
@ -90,5 +112,5 @@ DROP PUBLICATION testpub_fortbl;
DROP SCHEMA pub_test CASCADE; DROP SCHEMA pub_test CASCADE;
RESET SESSION AUTHORIZATION; RESET SESSION AUTHORIZATION;
DROP ROLE regress_publication_user; DROP ROLE regress_publication_user, regress_publication_user2;
DROP ROLE regress_publication_user_dummy; DROP ROLE regress_publication_user_dummy;