On Fri, 2006-02-03 at 16:00 +0000, Roger Lucas wrote:
> Hi Rod,
> 
> Thanks for your comments.  
> 
> Just for clarification, do you mean that you are creating a completely new
> partitioned table every few hours and running "slon" to configure its
> replication across the different nodes?

It's closer to once every 10 minutes since there are numerous structures
which are frequently partitioned.

> Even if the above is true, and as you pointed out at the bottom of your
> post, Slony still does not need full superuser access.

Nor do I run Slony with superuser access. It has access only to the
schemas and tables necessary to carry out replication.

Of course, if you replicated the entire database, then that would be
nearly equivalent to super-user access.

> > -----Original Message-----
> > From: Rod Taylor [mailto:pg at rbt.ca]
> > Sent: 03 February 2006 15:51
> > To: Roger Lucas
> > Cc: 'Andrew Sullivan'; slony1-general at gborg.postgresql.org
> > Subject: Re: [Slony1-general] Security with slony
> > 
> > > When an administrator wishes to reconfigure the replication hierarchy,
> > which
> > > would be a relatively rare event, then they can explictly log in to
> > 
> > I'm going to argue against the assumption that this is a rare event. In
> > fact, if you are replicating a partitioned table the reconfiguration
> > will occur once per partition creation which could be quite frequent
> > (say hourly on several structures).
> > 
> > I will also argue against the assumption that it is an administrator
> > doing the reconfiguration by hand rather than an automated toolkit.
> > 
> > Of course, creation of an inherited table requires ownership of the
> > parent and create privileges -- not full superuser access.
> > 
> > --
> 
> 
--