diff --git a/doc/src/sgml/high-availability.sgml b/doc/src/sgml/high-availability.sgml index 2c24fd9c139..b1ec461f53e 100644 --- a/doc/src/sgml/high-availability.sgml +++ b/doc/src/sgml/high-availability.sgml @@ -805,9 +805,9 @@ archive_cleanup_command = 'pg_archivecleanup /path/to/archive %r' It is recommended that a dedicated user account is used for replication. - While it is possible to add the REPLICATION privilege to - a superuser account for the purporses of replication, this is not - recommended. While REPLICATION privilege gives very high + While the REPLICATION privilege is granted to superuser + accounts by default, it is not recommended to use superuser accounts + for replication. While REPLICATION privilege gives very high permissions, it does not allow the user to modify any data on the primary system, which the SUPERUSER privilege does. diff --git a/doc/src/sgml/ref/create_role.sgml b/doc/src/sgml/ref/create_role.sgml index 7cc7f149fdc..43bec5d8e13 100644 --- a/doc/src/sgml/ref/create_role.sgml +++ b/doc/src/sgml/ref/create_role.sgml @@ -185,7 +185,8 @@ CREATE ROLE name [ [ WITH ] REPLICATION attribute is a very highly privileged role, and should only be used on roles actually used for replication. If not specified, - NOREPLICATION is the default. + NOREPLICATION is the default for all roles except + superusers. diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 08b3fb7dc42..2830aec49ca 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -175,7 +175,11 @@ CREATE USER name; to do most of your work as a role that is not a superuser. To create a new database superuser, use CREATE ROLE name SUPERUSER. You must do - this as a role that is already a superuser. + this as a role that is already a superuser. Creating a superuser + will by default also grant permissions to initiate streaming + replication. For increased security this can be disallowed using + CREATE ROLE name SUPERUSER + NOREPLICATION. @@ -214,9 +218,8 @@ CREATE USER name; A role must explicitly be given permission to initiate streaming - replication (superusers do not bypass this check). A role used - for streaming replication must always have LOGIN - permission as well. To create such a role, use + replication. A role used for streaming replication must always + have LOGIN permission as well. To create such a role, use CREATE ROLE name REPLICATION LOGIN. diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 9e505b7525f..be049cb9945 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -248,7 +248,15 @@ CreateRole(CreateRoleStmt *stmt) if (dpassword && dpassword->arg) password = strVal(dpassword->arg); if (dissuper) + { issuper = intVal(dissuper->arg) != 0; + /* + * Superusers get replication by default, but only if + * NOREPLICATION wasn't explicitly mentioned + */ + if (!(disreplication && intVal(disreplication->arg) == 0)) + isreplication = 1; + } if (dinherit) inherit = intVal(dinherit->arg) != 0; if (dcreaterole) diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h index 2daf9f80ef4..3f5ef242ed2 100644 --- a/src/include/catalog/catversion.h +++ b/src/include/catalog/catversion.h @@ -53,6 +53,6 @@ */ /* yyyymmddN */ -#define CATALOG_VERSION_NO 201101031 +#define CATALOG_VERSION_NO 201101051 #endif diff --git a/src/include/catalog/pg_authid.h b/src/include/catalog/pg_authid.h index 7eee4cb5cbc..0c5ae443a0d 100644 --- a/src/include/catalog/pg_authid.h +++ b/src/include/catalog/pg_authid.h @@ -93,7 +93,7 @@ typedef FormData_pg_authid *Form_pg_authid; * user choices. * ---------------- */ -DATA(insert OID = 10 ( "POSTGRES" t t t t t t f -1 _null_ _null_ )); +DATA(insert OID = 10 ( "POSTGRES" t t t t t t t -1 _null_ _null_ )); #define BOOTSTRAP_SUPERUSERID 10