grants on rr_pending_changes

[radekz]

Setting up replication right now will break permissions for non-superusers (unless you "grant insert" on rr_pending_changes and "select,usage" on its sequence to PUBLIC -- not very secure).

Could be fixed by making the trigger functions SECURITY DEFINER.

This is a critical one... :-/

[alehmann]

You can define your own handler that is called after infrastructure tables are set up. You can use it to set up your desired permission settings.

The handler is specification with configuration option :after_infrastructure_setup.

Refer to the following page for more details and a practical example: http://rubyrep.rubyforge.org/classes/RR/Configuration.html

[radekz]

I don't know which users/roles should have access; it changes. This information doesn't belong in rubyrep's configuration file anyway.

Marking the function as security definer from the hook would make it a security hole, since search_path is not being set.

Granting insert to public is not a secure option either.

I consider breaking permissions by default a major bug.

[alehmann]

So what would be your suggestion?