diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 12:19:15 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 12:19:15 +0000 |
| commit | 6eb9c5a5657d1fe77b55cc261450f3538d35a94d (patch) | |
| tree | 657d8194422a5daccecfd42d654b8a245ef7b4c8 /doc/src/sgml/html/logical-replication-security.html | |
| parent | Initial commit. (diff) | |
| download | postgresql-13-upstream/13.4.tar.xz postgresql-13-upstream/13.4.zip | |
Adding upstream version 13.4.upstream/13.4upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/src/sgml/html/logical-replication-security.html')
| -rw-r--r-- | doc/src/sgml/html/logical-replication-security.html | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/doc/src/sgml/html/logical-replication-security.html b/doc/src/sgml/html/logical-replication-security.html new file mode 100644 index 0000000..c4ce0c4 --- /dev/null +++ b/doc/src/sgml/html/logical-replication-security.html @@ -0,0 +1,41 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>30.7. Security</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="logical-replication-monitoring.html" title="30.6. Monitoring" /><link rel="next" href="logical-replication-config.html" title="30.8. Configuration Settings" /></head><body id="docContent" class="container-fluid col-10"><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">30.7. Security</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="logical-replication-monitoring.html" title="30.6. Monitoring">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="logical-replication.html" title="Chapter 30. Logical Replication">Up</a></td><th width="60%" align="center">Chapter 30. Logical Replication</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="logical-replication-config.html" title="30.8. Configuration Settings">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="LOGICAL-REPLICATION-SECURITY"><div class="titlepage"><div><div><h2 class="title" style="clear: both">30.7. Security</h2></div></div></div><p> + A user able to modify the schema of subscriber-side tables can execute + arbitrary code as a superuser. Limit ownership + and <code class="literal">TRIGGER</code> privilege on such tables to roles that + superusers trust. Moreover, if untrusted users can create tables, use only + publications that list tables explicitly. That is to say, create a + subscription <code class="literal">FOR ALL TABLES</code> only when superusers trust + every user permitted to create a non-temp table on the publisher or the + subscriber. + </p><p> + The role used for the replication connection must have + the <code class="literal">REPLICATION</code> attribute (or be a superuser). If the + role lacks <code class="literal">SUPERUSER</code> and <code class="literal">BYPASSRLS</code>, + publisher row security policies can execute. If the role does not trust + all table owners, include <code class="literal">options=-crow_security=off</code> in + the connection string; if a table owner then adds a row security policy, + that setting will cause replication to halt rather than execute the policy. + Access for the role must be configured in <code class="filename">pg_hba.conf</code> + and it must have the <code class="literal">LOGIN</code> attribute. + </p><p> + In order to be able to copy the initial table data, the role used for the + replication connection must have the <code class="literal">SELECT</code> privilege on + a published table (or be a superuser). + </p><p> + To create a publication, the user must have the <code class="literal">CREATE</code> + privilege in the database. + </p><p> + To add tables to a publication, the user must have ownership rights on the + table. To create a publication that publishes all tables automatically, + the user must be a superuser. + </p><p> + To create a subscription, the user must be a superuser. + </p><p> + The subscription apply process will run in the local database with the + privileges of a superuser. + </p><p> + Privileges are only checked once at the start of a replication connection. + They are not re-checked as each change record is read from the publisher, + nor are they re-checked for each change when applied. + </p></div><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navfooter"><hr></hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="logical-replication-monitoring.html" title="30.6. Monitoring">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="logical-replication.html" title="Chapter 30. Logical Replication">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="logical-replication-config.html" title="30.8. Configuration Settings">Next</a></td></tr><tr><td width="40%" align="left" valign="top">30.6. Monitoring </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 30.8. Configuration Settings</td></tr></table></div></body></html>
\ No newline at end of file |