mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-12-15 08:20:16 +08:00
8b9e9644dc
AclObjectKind was basically just another enumeration for object types, and we already have a preferred one for that. It's only used in aclcheck_error. By using ObjectType instead, we can also give some more precise error messages, for example "index" instead of "relation". Reviewed-by: Michael Paquier <michael.paquier@gmail.com>
131 lines
3.7 KiB
Plaintext
131 lines
3.7 KiB
Plaintext
-- predictability
|
|
SET synchronous_commit = on;
|
|
-- setup
|
|
CREATE ROLE regress_lr_normal;
|
|
CREATE ROLE regress_lr_superuser SUPERUSER;
|
|
CREATE ROLE regress_lr_replication REPLICATION;
|
|
CREATE TABLE lr_test(data text);
|
|
-- superuser can control replication
|
|
SET ROLE regress_lr_superuser;
|
|
SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
|
|
?column?
|
|
----------
|
|
init
|
|
(1 row)
|
|
|
|
INSERT INTO lr_test VALUES('lr_superuser_init');
|
|
SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0', 'skip-empty-xacts', '1');
|
|
data
|
|
--------------------------------------------------------------
|
|
BEGIN
|
|
table public.lr_test: INSERT: data[text]:'lr_superuser_init'
|
|
COMMIT
|
|
(3 rows)
|
|
|
|
SELECT pg_drop_replication_slot('regression_slot');
|
|
pg_drop_replication_slot
|
|
--------------------------
|
|
|
|
(1 row)
|
|
|
|
RESET ROLE;
|
|
-- replication user can control replication
|
|
SET ROLE regress_lr_replication;
|
|
SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
|
|
?column?
|
|
----------
|
|
init
|
|
(1 row)
|
|
|
|
INSERT INTO lr_test VALUES('lr_superuser_init');
|
|
ERROR: permission denied for table lr_test
|
|
SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0', 'skip-empty-xacts', '1');
|
|
data
|
|
------
|
|
(0 rows)
|
|
|
|
SELECT pg_drop_replication_slot('regression_slot');
|
|
pg_drop_replication_slot
|
|
--------------------------
|
|
|
|
(1 row)
|
|
|
|
RESET ROLE;
|
|
-- plain user *can't* can control replication
|
|
SET ROLE regress_lr_normal;
|
|
SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
|
|
ERROR: must be superuser or replication role to use replication slots
|
|
INSERT INTO lr_test VALUES('lr_superuser_init');
|
|
ERROR: permission denied for table lr_test
|
|
SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0', 'skip-empty-xacts', '1');
|
|
ERROR: must be superuser or replication role to use replication slots
|
|
SELECT pg_drop_replication_slot('regression_slot');
|
|
ERROR: must be superuser or replication role to use replication slots
|
|
RESET ROLE;
|
|
-- replication users can drop superuser created slots
|
|
SET ROLE regress_lr_superuser;
|
|
SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
|
|
?column?
|
|
----------
|
|
init
|
|
(1 row)
|
|
|
|
RESET ROLE;
|
|
SET ROLE regress_lr_replication;
|
|
SELECT pg_drop_replication_slot('regression_slot');
|
|
pg_drop_replication_slot
|
|
--------------------------
|
|
|
|
(1 row)
|
|
|
|
RESET ROLE;
|
|
-- normal users can't drop existing slots
|
|
SET ROLE regress_lr_superuser;
|
|
SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
|
|
?column?
|
|
----------
|
|
init
|
|
(1 row)
|
|
|
|
RESET ROLE;
|
|
SET ROLE regress_lr_normal;
|
|
SELECT pg_drop_replication_slot('regression_slot');
|
|
ERROR: must be superuser or replication role to use replication slots
|
|
RESET ROLE;
|
|
-- all users can see existing slots
|
|
SET ROLE regress_lr_superuser;
|
|
SELECT slot_name, plugin FROM pg_replication_slots;
|
|
slot_name | plugin
|
|
-----------------+---------------
|
|
regression_slot | test_decoding
|
|
(1 row)
|
|
|
|
RESET ROLE;
|
|
SET ROLE regress_lr_replication;
|
|
SELECT slot_name, plugin FROM pg_replication_slots;
|
|
slot_name | plugin
|
|
-----------------+---------------
|
|
regression_slot | test_decoding
|
|
(1 row)
|
|
|
|
RESET ROLE;
|
|
SET ROLE regress_lr_normal;
|
|
SELECT slot_name, plugin FROM pg_replication_slots;
|
|
slot_name | plugin
|
|
-----------------+---------------
|
|
regression_slot | test_decoding
|
|
(1 row)
|
|
|
|
RESET ROLE;
|
|
-- cleanup
|
|
SELECT pg_drop_replication_slot('regression_slot');
|
|
pg_drop_replication_slot
|
|
--------------------------
|
|
|
|
(1 row)
|
|
|
|
DROP ROLE regress_lr_normal;
|
|
DROP ROLE regress_lr_superuser;
|
|
DROP ROLE regress_lr_replication;
|
|
DROP TABLE lr_test;
|