database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-10-24 01:29:19 +03:00
Code Activity
Files
f347ec76e2a227e5c5b5065cce7adad16d58d209
postgres/contrib/test_decoding/expected/permissions.out
Peter Eisentraut de4d456b40 Improve several permission-related error messages. 
Mainly move some detail from errmsg to errdetail, remove explicit
mention of superuser where appropriate, since that is implied in most
permission checks, and make messages more uniform.

Author: Nathan Bossart <nathandbossart@gmail.com>
Discussion: https://www.postgresql.org/message-id/20230316234701.GA903298@nathanxps13
2023-03-17 10:33:09 +01:00

135 lines
3.9 KiB
Plaintext
Raw Blame History

-- predictability
SET synchronous_commit = on;
-- setup
CREATE ROLE regress_lr_normal;
CREATE ROLE regress_lr_superuser SUPERUSER;
CREATE ROLE regress_lr_replication REPLICATION;
CREATE TABLE lr_test(data text);
-- superuser can control replication
SET ROLE regress_lr_superuser;
SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
?column?
----------
init
(1 row)
INSERT INTO lr_test VALUES('lr_superuser_init');
SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0', 'skip-empty-xacts', '1');
data
--------------------------------------------------------------
BEGIN
table public.lr_test: INSERT: data[text]:'lr_superuser_init'
COMMIT
(3 rows)
SELECT pg_drop_replication_slot('regression_slot');
pg_drop_replication_slot
--------------------------
(1 row)
RESET ROLE;
-- replication user can control replication
SET ROLE regress_lr_replication;
SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
?column?
----------
init
(1 row)
INSERT INTO lr_test VALUES('lr_superuser_init');
ERROR: permission denied for table lr_test
SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0', 'skip-empty-xacts', '1');
data
------
(0 rows)
SELECT pg_drop_replication_slot('regression_slot');
pg_drop_replication_slot
--------------------------
(1 row)
RESET ROLE;
-- plain user *can't* can control replication
SET ROLE regress_lr_normal;
SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
ERROR: permission denied to use replication slots
DETAIL: Only roles with the REPLICATION attribute may use replication slots.
INSERT INTO lr_test VALUES('lr_superuser_init');
ERROR: permission denied for table lr_test
SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0', 'skip-empty-xacts', '1');
ERROR: permission denied to use replication slots
DETAIL: Only roles with the REPLICATION attribute may use replication slots.
SELECT pg_drop_replication_slot('regression_slot');
ERROR: permission denied to use replication slots
DETAIL: Only roles with the REPLICATION attribute may use replication slots.
RESET ROLE;
-- replication users can drop superuser created slots
SET ROLE regress_lr_superuser;
SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
?column?
----------
init
(1 row)
RESET ROLE;
SET ROLE regress_lr_replication;
SELECT pg_drop_replication_slot('regression_slot');
pg_drop_replication_slot
--------------------------
(1 row)
RESET ROLE;
-- normal users can't drop existing slots
SET ROLE regress_lr_superuser;
SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
?column?
----------
init
(1 row)
RESET ROLE;
SET ROLE regress_lr_normal;
SELECT pg_drop_replication_slot('regression_slot');
ERROR: permission denied to use replication slots
DETAIL: Only roles with the REPLICATION attribute may use replication slots.
RESET ROLE;
-- all users can see existing slots
SET ROLE regress_lr_superuser;
SELECT slot_name, plugin FROM pg_replication_slots;
slot_name | plugin
-----------------+---------------
regression_slot | test_decoding
(1 row)
RESET ROLE;
SET ROLE regress_lr_replication;
SELECT slot_name, plugin FROM pg_replication_slots;
slot_name | plugin
-----------------+---------------
regression_slot | test_decoding
(1 row)
RESET ROLE;
SET ROLE regress_lr_normal;
SELECT slot_name, plugin FROM pg_replication_slots;
slot_name | plugin
-----------------+---------------
regression_slot | test_decoding
(1 row)
RESET ROLE;
-- cleanup
SELECT pg_drop_replication_slot('regression_slot');
pg_drop_replication_slot
--------------------------
(1 row)
DROP ROLE regress_lr_normal;
DROP ROLE regress_lr_superuser;
DROP ROLE regress_lr_replication;
DROP TABLE lr_test;
View Git Blame Copy Permalink