pgsql: Add REPLICATION privilege for ROLEs

Add REPLICATION privilege for ROLEs

This privilege is required to do Streaming Replication, instead of
superuser, making it possible to set up a SR slave that doesn't
have write permissions on the master.

Superuser privileges do NOT override this check, so in order to
use the default superuser account for replication it must be
explicitly granted the REPLICATION permissions. This is backwards
incompatible change, in the interest of higher default security.

Branch
------
master

Details
-------
http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=9b8aff8c192e2f313f90395d114c58a9ef84f97f

Modified Files
--------------
doc/src/sgml/catalogs.sgml | 11 ++++++++
doc/src/sgml/func.sgml | 4 +-
doc/src/sgml/high-availability.sgml | 27 ++++++++++++++-----
doc/src/sgml/ref/alter_role.sgml | 5 +++-
doc/src/sgml/ref/alter_user.sgml | 1 +
doc/src/sgml/ref/create_role.sgml | 16 ++++++++++++
doc/src/sgml/ref/create_user.sgml | 1 +
src/backend/access/transam/xlog.c | 8 +++---
src/backend/catalog/system_views.sql | 3 ++
src/backend/commands/user.c | 46 ++++++++++++++++++++++++++++++++++
src/backend/parser/gram.y | 20 ++++++++++++---
src/backend/utils/init/miscinit.c | 19 ++++++++++++++
src/backend/utils/init/postinit.c | 6 ++--
src/bin/pg_dump/pg_dumpall.c | 25 ++++++++++++++++--
src/bin/psql/describe.c | 8 ++++++
src/include/catalog/pg_authid.h | 12 +++++---
src/include/miscadmin.h | 1 +
src/include/parser/kwlist.h | 2 +
src/test/regress/expected/rules.out | 6 ++--
19 files changed, 189 insertions(+), 32 deletions(-)

On Wed, Dec 29, 2010 at 11:08, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> Add REPLICATION privilege for ROLEs

<snip>
Yeah, I forgot to bump catversion.h for this. But since Robert did
that in the unlogged tables patch, we should be ok again now.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/