31.7. Security
The role used for the replication connection must have
the
REPLICATION
attribute (or be a superuser). Access for the role must be
configured in
pg_hba.conf
.
To create a publication, the user must have the
CREATE
privilege in the database.
To add tables to a publication, the user must have ownership rights on the table. To create a publication that publishes all tables automatically, the user must be a superuser.
To create a subscription, the user must be a superuser.
The subscription apply process will run in the local database with the privileges of a superuser.
Privileges are only checked once at the start of a replication connection. They are not re-checked as each change record is read from the publisher, nor are they re-checked for each change when applied.