Allow publications FOR ALL TABLES to neon_superuser

neondatabase · Feb 6, 2024 · d88acb5 · d88acb5
1 parent ddd992d
commit d88acb5
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/src/backend/commands/publicationcmds.c b/src/backend/commands/publicationcmds.c
@@ -728,6 +728,13 @@ CheckPubRelationColumnList(char *pubname, List *tables,
 	}
 }
 
+static bool
+is_neon_superuser(void)
+{
+	Oid neon_superuser_oid = get_role_oid("neon_superuser", true /*missing_ok*/);
+	return neon_superuser_oid != InvalidOid && has_privs_of_role(GetCurrentRoleId(), neon_superuser_oid);
+}
+
 /*
  * Create new publication.
  */
@@ -755,7 +762,7 @@ CreatePublication(ParseState *pstate, CreatePublicationStmt *stmt)
 					   get_database_name(MyDatabaseId));
 
 	/* FOR ALL TABLES requires superuser */
-	if (stmt->for_all_tables && !superuser())
+	if (stmt->for_all_tables && !superuser() && !is_neon_superuser())
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 				 errmsg("must be superuser to create FOR ALL TABLES publication")));
@@ -826,7 +833,7 @@ CreatePublication(ParseState *pstate, CreatePublicationStmt *stmt)
 								   &schemaidlist);
 
 		/* FOR TABLES IN SCHEMA requires superuser */
-		if (schemaidlist != NIL && !superuser())
+		if (schemaidlist != NIL && !superuser() && !is_neon_superuser())
 			ereport(ERROR,
 					errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 					errmsg("must be superuser to create FOR TABLES IN SCHEMA publication"));