From 95675a0c79bb9bdb7162801858e69e32366bdbbd Mon Sep 17 00:00:00 2001 From: Steve Singer Date: Thu, 11 Aug 2011 16:12:54 -0400 Subject: [PATCH] The slon local connection needs to be a superuser to set session_replication_role. Update the docs to reflect this and remove some of the discussion about running as a non-superuser since that apparently won't work (today). --- doc/adminguide/security.sgml | 51 +++++------------------------------- 1 file changed, 7 insertions(+), 44 deletions(-) diff --git a/doc/adminguide/security.sgml b/doc/adminguide/security.sgml index ae758908..aaf3344a 100644 --- a/doc/adminguide/security.sgml +++ b/doc/adminguide/security.sgml @@ -47,6 +47,9 @@ places. Make modifications (INSERT/UPDATE/DELETE/ALTER) to all replicated tables. + + set the session_replication_role to replica + @@ -92,51 +95,11 @@ management user be a superuser, as, in that case, one need not think about what permissions to configure, but this is excessive. There is only actually one place where &slony1; truly requires -superuser access, and that is during the subscription process, as it -uses a hack to substantially improve performance, -updating the system catalogue directly to shut off indices during the -COPY. This functionality is restricted to two -functions, as of version 2.1, with -disable_indexes_on_table() and -enable_indexes_on_table(), which may appropriate -superuser permissions if configured with SECURITY -DEFINER. If these two functions are owned by a superuser, -then that is all the database superuser access that is -required. - - One could set up a weak user assigned to all -&lslon; requests. The minimal permissions that -this user, let's call it weakuser, requires are as -follows: - - - - It must have read access to the &slony1;-specific -namespace - - It must have read access to all tables and sequences -in that namespace - - It must have write access to the &slony1; table -sl_nodelock and sequence -sl_nodelock_nl_conncnt_seq - - At subscribe time, it must have read access to all of -the replicated tables. - - Outside of subscription time, there is no need for access to -access to the replicated tables. - - There is some need for read access to tables in -pg_catalog; it has not been verified how little access would be -suitable. - - As mentioned, the functions for disabling and -re-enabling indexes during the subscription process must be owned by a -superuser, and must be accessible to the weak user. - +superuser access, and that is for installation (slonik) and on the +local connetion slon uses. + - + Handling Database Authentication (Passwords)