diff options
| -rw-r--r-- | doc/src/sgml/high-availability.sgml | 14 | ||||
| -rw-r--r-- | doc/src/sgml/ref/pg_basebackup.sgml | 4 | ||||
| -rw-r--r-- | doc/src/sgml/ref/pg_receivewal.sgml | 13 |
3 files changed, 17 insertions, 14 deletions
diff --git a/doc/src/sgml/high-availability.sgml b/doc/src/sgml/high-availability.sgml index 52e47379cc7..8862f84412e 100644 --- a/doc/src/sgml/high-availability.sgml +++ b/doc/src/sgml/high-availability.sgml @@ -827,12 +827,14 @@ archive_cleanup_command = 'pg_archivecleanup /path/to/archive %r' It is very important that the access privileges for replication be set up so that only trusted users can read the WAL stream, because it is easy to extract privileged information from it. Standby servers must - authenticate to the primary as a superuser or an account that has the - <literal>REPLICATION</literal> privilege. It is recommended to create a - dedicated user account with <literal>REPLICATION</literal> and <literal>LOGIN</literal> - privileges for replication. While <literal>REPLICATION</literal> privilege gives - very high permissions, it does not allow the user to modify any data on - the primary system, which the <literal>SUPERUSER</literal> privilege does. + authenticate to the primary as an account that has the + <literal>REPLICATION</literal> privilege or a superuser. It is + recommended to create a dedicated user account with + <literal>REPLICATION</literal> and <literal>LOGIN</literal> + privileges for replication. While <literal>REPLICATION</literal> + privilege gives very high permissions, it does not allow the user to + modify any data on the primary system, which the + <literal>SUPERUSER</literal> privilege does. </para> <para> diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml index 01ce44ee220..12fadabfb86 100644 --- a/doc/src/sgml/ref/pg_basebackup.sgml +++ b/doc/src/sgml/ref/pg_basebackup.sgml @@ -51,8 +51,8 @@ PostgreSQL documentation <para> The backup is made over a regular <productname>PostgreSQL</productname> connection, and uses the replication protocol. The connection must be made - with a superuser or a user having <literal>REPLICATION</literal> - permissions (see <xref linkend="role-attributes"/>), + with a user having <literal>REPLICATION</literal> permissions + (see <xref linkend="role-attributes"/>) or a superuser, and <filename>pg_hba.conf</filename> must explicitly permit the replication connection. The server must also be configured with <xref linkend="guc-max-wal-senders"/> set high enough to leave at least diff --git a/doc/src/sgml/ref/pg_receivewal.sgml b/doc/src/sgml/ref/pg_receivewal.sgml index febfc0ba135..73431bfc052 100644 --- a/doc/src/sgml/ref/pg_receivewal.sgml +++ b/doc/src/sgml/ref/pg_receivewal.sgml @@ -68,12 +68,13 @@ PostgreSQL documentation <para> The write-ahead log is streamed over a regular <productname>PostgreSQL</productname> connection and uses the replication - protocol. The connection must be made with a superuser or a user - having <literal>REPLICATION</literal> permissions (see - <xref linkend="role-attributes"/>), and <filename>pg_hba.conf</filename> - must permit the replication connection. The server must also be - configured with <xref linkend="guc-max-wal-senders"/> set high enough to - leave at least one session available for the stream. + protocol. The connection must be made with a user having + <literal>REPLICATION</literal> permissions (see + <xref linkend="role-attributes"/>) or a superuser, and + <filename>pg_hba.conf</filename> must permit the replication connection. + The server must also be configured with + <xref linkend="guc-max-wal-senders"/> set high enough to leave at least + one session available for the stream. </para> <para> |