diff --git a/doc/src/sgml/ref/comment.sgml b/doc/src/sgml/ref/comment.sgml
index 8fe17a5767d..df328117f1d 100644
--- a/doc/src/sgml/ref/comment.sgml
+++ b/doc/src/sgml/ref/comment.sgml
@@ -46,12 +46,14 @@ COMMENT ON
OPERATOR FAMILY object_name USING index_method |
POLICY policy_name ON table_name |
[ PROCEDURAL ] LANGUAGE object_name |
+ PUBLICATION object_name |
ROLE object_name |
RULE rule_name ON table_name |
SCHEMA object_name |
SEQUENCE object_name |
SERVER object_name |
STATISTICS object_name |
+ SUBSCRIPTION object_name |
TABLE object_name |
TABLESPACE object_name |
TEXT SEARCH CONFIGURATION object_name |
diff --git a/doc/src/sgml/ref/security_label.sgml b/doc/src/sgml/ref/security_label.sgml
index afd86aff3a0..aa8be473bdf 100644
--- a/doc/src/sgml/ref/security_label.sgml
+++ b/doc/src/sgml/ref/security_label.sgml
@@ -34,9 +34,11 @@ SECURITY LABEL [ FOR provider ] ON
LARGE OBJECT large_object_oid |
MATERIALIZED VIEW object_name |
[ PROCEDURAL ] LANGUAGE object_name |
+ PUBLICATION object_name |
ROLE object_name |
SCHEMA object_name |
SEQUENCE object_name |
+ SUBSCRIPTION object_name |
TABLESPACE object_name |
TYPE object_name |
VIEW object_name
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index b41882aa521..d8b762ee3fb 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -424,6 +424,28 @@ FROM
WHERE
l.objsubid = 0
UNION ALL
+SELECT
+ l.objoid, l.classoid, l.objsubid,
+ 'publication'::text AS objtype,
+ NULL::oid AS objnamespace,
+ quote_ident(p.pubname) AS objname,
+ l.provider, l.label
+FROM
+ pg_seclabel l
+ JOIN pg_publication p ON l.classoid = p.tableoid AND l.objoid = p.oid
+WHERE
+ l.objsubid = 0
+UNION ALL
+SELECT
+ l.objoid, l.classoid, 0::int4 AS objsubid,
+ 'subscription'::text AS objtype,
+ NULL::oid AS objnamespace,
+ quote_ident(s.subname) AS objname,
+ l.provider, l.label
+FROM
+ pg_shseclabel l
+ JOIN pg_subscription s ON l.classoid = s.tableoid AND l.objoid = s.oid
+UNION ALL
SELECT
l.objoid, l.classoid, 0::int4 AS objsubid,
'database'::text AS objtype,
diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y
index bbcfc1fb4fd..19dd77d7877 100644
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -6340,9 +6340,11 @@ comment_type_name:
| EXTENSION { $$ = OBJECT_EXTENSION; }
| FOREIGN DATA_P WRAPPER { $$ = OBJECT_FDW; }
| opt_procedural LANGUAGE { $$ = OBJECT_LANGUAGE; }
+ | PUBLICATION { $$ = OBJECT_PUBLICATION; }
| ROLE { $$ = OBJECT_ROLE; }
| SCHEMA { $$ = OBJECT_SCHEMA; }
| SERVER { $$ = OBJECT_FOREIGN_SERVER; }
+ | SUBSCRIPTION { $$ = OBJECT_SUBSCRIPTION; }
| TABLESPACE { $$ = OBJECT_TABLESPACE; }
;
@@ -6453,8 +6455,10 @@ security_label_type_name:
DATABASE { $$ = OBJECT_DATABASE; }
| EVENT TRIGGER { $$ = OBJECT_EVENT_TRIGGER; }
| opt_procedural LANGUAGE { $$ = OBJECT_LANGUAGE; }
+ | PUBLICATION { $$ = OBJECT_PUBLICATION; }
| ROLE { $$ = OBJECT_ROLE; }
| SCHEMA { $$ = OBJECT_SCHEMA; }
+ | SUBSCRIPTION { $$ = OBJECT_SUBSCRIPTION; }
| TABLESPACE { $$ = OBJECT_TABLESPACE; }
;
diff --git a/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out b/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
index 9c0c9cd815b..7273df17b2e 100644
--- a/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
+++ b/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
@@ -67,20 +67,28 @@ SECURITY LABEL ON FUNCTION dummy_seclabel_four() IS 'classified'; -- OK
SECURITY LABEL ON DOMAIN dummy_seclabel_domain IS 'classified'; -- OK
CREATE SCHEMA dummy_seclabel_test;
SECURITY LABEL ON SCHEMA dummy_seclabel_test IS 'unclassified'; -- OK
+SET client_min_messages = error;
+CREATE PUBLICATION dummy_pub;
+CREATE SUBSCRIPTION dummy_sub CONNECTION '' PUBLICATION foo WITH (NOCONNECT);
+RESET client_min_messages;
+SECURITY LABEL ON PUBLICATION dummy_pub IS 'classified';
+SECURITY LABEL ON SUBSCRIPTION dummy_sub IS 'classified';
SELECT objtype, objname, provider, label FROM pg_seclabels
ORDER BY objtype, objname;
- objtype | objname | provider | label
-----------+------------------------------+----------+--------------
- column | dummy_seclabel_tbl1.a | dummy | unclassified
- domain | dummy_seclabel_domain | dummy | classified
- function | dummy_seclabel_four() | dummy | classified
- role | regress_dummy_seclabel_user1 | dummy | classified
- role | regress_dummy_seclabel_user2 | dummy | unclassified
- schema | dummy_seclabel_test | dummy | unclassified
- table | dummy_seclabel_tbl1 | dummy | top secret
- table | dummy_seclabel_tbl2 | dummy | classified
- view | dummy_seclabel_view1 | dummy | classified
-(9 rows)
+ objtype | objname | provider | label
+--------------+------------------------------+----------+--------------
+ column | dummy_seclabel_tbl1.a | dummy | unclassified
+ domain | dummy_seclabel_domain | dummy | classified
+ function | dummy_seclabel_four() | dummy | classified
+ publication | dummy_pub | dummy | classified
+ role | regress_dummy_seclabel_user1 | dummy | classified
+ role | regress_dummy_seclabel_user2 | dummy | unclassified
+ schema | dummy_seclabel_test | dummy | unclassified
+ subscription | dummy_sub | dummy | classified
+ table | dummy_seclabel_tbl1 | dummy | top secret
+ table | dummy_seclabel_tbl2 | dummy | classified
+ view | dummy_seclabel_view1 | dummy | classified
+(11 rows)
-- check for event trigger
CREATE FUNCTION event_trigger_test()
diff --git a/src/test/modules/dummy_seclabel/sql/dummy_seclabel.sql b/src/test/modules/dummy_seclabel/sql/dummy_seclabel.sql
index 854906f3ed9..6b0d0acbff5 100644
--- a/src/test/modules/dummy_seclabel/sql/dummy_seclabel.sql
+++ b/src/test/modules/dummy_seclabel/sql/dummy_seclabel.sql
@@ -71,6 +71,13 @@ SECURITY LABEL ON DOMAIN dummy_seclabel_domain IS 'classified'; -- OK
CREATE SCHEMA dummy_seclabel_test;
SECURITY LABEL ON SCHEMA dummy_seclabel_test IS 'unclassified'; -- OK
+SET client_min_messages = error;
+CREATE PUBLICATION dummy_pub;
+CREATE SUBSCRIPTION dummy_sub CONNECTION '' PUBLICATION foo WITH (NOCONNECT);
+RESET client_min_messages;
+SECURITY LABEL ON PUBLICATION dummy_pub IS 'classified';
+SECURITY LABEL ON SUBSCRIPTION dummy_sub IS 'classified';
+
SELECT objtype, objname, provider, label FROM pg_seclabels
ORDER BY objtype, objname;
diff --git a/src/test/regress/expected/publication.out b/src/test/regress/expected/publication.out
index 5a7c0edf7d5..0964718a60e 100644
--- a/src/test/regress/expected/publication.out
+++ b/src/test/regress/expected/publication.out
@@ -6,6 +6,13 @@ CREATE ROLE regress_publication_user2;
CREATE ROLE regress_publication_user_dummy LOGIN NOSUPERUSER;
SET SESSION AUTHORIZATION 'regress_publication_user';
CREATE PUBLICATION testpub_default;
+COMMENT ON PUBLICATION testpub_default IS 'test publication';
+SELECT obj_description(p.oid, 'pg_publication') FROM pg_publication p;
+ obj_description
+------------------
+ test publication
+(1 row)
+
CREATE PUBLICATION testpib_ins_trunct WITH (nopublish delete, nopublish update);
ALTER PUBLICATION testpub_default WITH (nopublish insert, nopublish delete);
\dRp
diff --git a/src/test/regress/expected/rules.out b/src/test/regress/expected/rules.out
index 7f04c7a7cc8..e8f8726c537 100644
--- a/src/test/regress/expected/rules.out
+++ b/src/test/regress/expected/rules.out
@@ -1605,6 +1605,29 @@ UNION ALL
FROM (pg_seclabel l
JOIN pg_event_trigger evt ON (((l.classoid = evt.tableoid) AND (l.objoid = evt.oid))))
WHERE (l.objsubid = 0)
+UNION ALL
+ SELECT l.objoid,
+ l.classoid,
+ l.objsubid,
+ 'publication'::text AS objtype,
+ NULL::oid AS objnamespace,
+ quote_ident((p.pubname)::text) AS objname,
+ l.provider,
+ l.label
+ FROM (pg_seclabel l
+ JOIN pg_publication p ON (((l.classoid = p.tableoid) AND (l.objoid = p.oid))))
+ WHERE (l.objsubid = 0)
+UNION ALL
+ SELECT l.objoid,
+ l.classoid,
+ 0 AS objsubid,
+ 'subscription'::text AS objtype,
+ NULL::oid AS objnamespace,
+ quote_ident((s.subname)::text) AS objname,
+ l.provider,
+ l.label
+ FROM (pg_shseclabel l
+ JOIN pg_subscription s ON (((l.classoid = s.tableoid) AND (l.objoid = s.oid))))
UNION ALL
SELECT l.objoid,
l.classoid,
diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out
index 74a5255e2a5..41f8def2f7f 100644
--- a/src/test/regress/expected/subscription.out
+++ b/src/test/regress/expected/subscription.out
@@ -30,6 +30,13 @@ ERROR: publication name "foo" used more than once
-- ok
CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);
WARNING: tables were not subscribed, you will have to run ALTER SUBSCRIPTION ... REFRESH PUBLICATION to subscribe the tables
+COMMENT ON SUBSCRIPTION testsub IS 'test subscription';
+SELECT obj_description(s.oid, 'pg_subscription') FROM pg_subscription s;
+ obj_description
+-------------------
+ test subscription
+(1 row)
+
-- fail - name already exists
CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);
ERROR: subscription "testsub" already exists
diff --git a/src/test/regress/sql/publication.sql b/src/test/regress/sql/publication.sql
index cff9931a77f..85530bec0e7 100644
--- a/src/test/regress/sql/publication.sql
+++ b/src/test/regress/sql/publication.sql
@@ -8,6 +8,9 @@ SET SESSION AUTHORIZATION 'regress_publication_user';
CREATE PUBLICATION testpub_default;
+COMMENT ON PUBLICATION testpub_default IS 'test publication';
+SELECT obj_description(p.oid, 'pg_publication') FROM pg_publication p;
+
CREATE PUBLICATION testpib_ins_trunct WITH (nopublish delete, nopublish update);
ALTER PUBLICATION testpub_default WITH (nopublish insert, nopublish delete);
diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql
index b0eac187852..2db97db2f51 100644
--- a/src/test/regress/sql/subscription.sql
+++ b/src/test/regress/sql/subscription.sql
@@ -27,6 +27,9 @@ CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION foo, te
-- ok
CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);
+COMMENT ON SUBSCRIPTION testsub IS 'test subscription';
+SELECT obj_description(s.oid, 'pg_subscription') FROM pg_subscription s;
+
-- fail - name already exists
CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);