Doc: Outline REPLICATION before SUPERUSER privilege

michaelpq · michaelpq · commit c5114e42fa1d · 2020-05-05T14:16:01.000+09:00
The following docs are updated: - High-availaility section - pg_basebackup - pg_receivewal Per the principle of least privilege, we want to encourage users to interact with those areas using roles that have replication rights, but superusers were mentioned first. Author: Daniel Gustafsson Reviewed-by: Fujii Masao, Michael Paquier Discussion: https://postgr.es/m/ECEBD212-7101-41EB-84F3-2F356E4B6401@yesql.se
diff --git a/doc/src/sgml/high-availability.sgml b/doc/src/sgml/high-availability.sgml
@@ -827,12 +827,14 @@ archive_cleanup_command = 'pg_archivecleanup /path/to/archive %r'
      It is very important that the access privileges for replication be set up
      so that only trusted users can read the WAL stream, because it is
      easy to extract privileged information from it.  Standby servers must
-     authenticate to the primary as a superuser or an account that has the
-     <literal>REPLICATION</literal> privilege. It is recommended to create a
-     dedicated user account with <literal>REPLICATION</literal> and <literal>LOGIN</literal>
-     privileges for replication. While <literal>REPLICATION</literal> privilege gives
-     very high permissions, it does not allow the user to modify any data on
-     the primary system, which the <literal>SUPERUSER</literal> privilege does.
+     authenticate to the primary as an account that has the
+     <literal>REPLICATION</literal> privilege or a superuser. It is
+     recommended to create a dedicated user account with
+     <literal>REPLICATION</literal> and <literal>LOGIN</literal>
+     privileges for replication. While <literal>REPLICATION</literal>
+     privilege gives very high permissions, it does not allow the user to
+     modify any data on the primary system, which the
+     <literal>SUPERUSER</literal> privilege does.
     </para>
 
     <para>
diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml
@@ -51,8 +51,8 @@ PostgreSQL documentation
   <para>
    The backup is made over a regular <productname>PostgreSQL</productname>
    connection, and uses the replication protocol. The connection must be made
-   with a superuser or a user having <literal>REPLICATION</literal>
-   permissions (see <xref linkend="role-attributes"/>),
+   with a user having <literal>REPLICATION</literal> permissions
+   (see <xref linkend="role-attributes"/>) or a superuser,
    and <filename>pg_hba.conf</filename> must explicitly permit the replication
    connection. The server must also be configured
    with <xref linkend="guc-max-wal-senders"/> set high enough to leave at least
diff --git a/doc/src/sgml/ref/pg_receivewal.sgml b/doc/src/sgml/ref/pg_receivewal.sgml
@@ -68,12 +68,13 @@ PostgreSQL documentation
   <para>
    The write-ahead log is streamed over a regular
    <productname>PostgreSQL</productname> connection and uses the replication
-   protocol. The connection must be made with a superuser or a user
-   having <literal>REPLICATION</literal> permissions (see
-   <xref linkend="role-attributes"/>), and <filename>pg_hba.conf</filename>
-   must permit the replication connection. The server must also be
-   configured with <xref linkend="guc-max-wal-senders"/> set high enough to
-   leave at least one session available for the stream.
+   protocol. The connection must be made with a user having 
+   <literal>REPLICATION</literal> permissions (see
+   <xref linkend="role-attributes"/>) or a superuser, and
+   <filename>pg_hba.conf</filename> must permit the replication connection.
+   The server must also be configured with
+   <xref linkend="guc-max-wal-senders"/> set high enough to leave at least
+   one session available for the stream.
   </para>
 
   <para>
