From e4a17eb6c6144ec96524e81e8567feed9011244d Mon Sep 17 00:00:00 2001 From: Betsy Gitelman Date: Fri, 4 Oct 2024 11:52:07 -0400 Subject: [PATCH] Edits to pgd: clarify joining nodes with non-default extensions #6099 --- .../5/node_management/creating_and_joining.mdx | 6 +++--- .../docs/pgd/5/security/role-management.mdx | 16 ++++++++-------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/product_docs/docs/pgd/5/node_management/creating_and_joining.mdx b/product_docs/docs/pgd/5/node_management/creating_and_joining.mdx index 0a2ceb59aef..91d36338d36 100644 --- a/product_docs/docs/pgd/5/node_management/creating_and_joining.mdx +++ b/product_docs/docs/pgd/5/node_management/creating_and_joining.mdx @@ -56,9 +56,9 @@ The node that's joining the cluster must not contain any schema or data that already exists on databases in the PGD group. We recommend that the newly joining database be empty except for the BDR extension. However, it's important that all required database users and roles are created. -Additionally, if the joining operation is to be carried out by a non-superuser, -extensions requiring superuser permission will need to be manually created. For -more details see [Connections and roles](../security/role-management#connections-and-roles). +Also, if a non-superuser is performing the joining operation, +extensions that require superuser permission must be created manually. For +more details, see [Connections and roles](../security/role-management#connections-and-roles). Optionally, you can skip the schema synchronization using the `synchronize_structure` parameter of the diff --git a/product_docs/docs/pgd/5/security/role-management.mdx b/product_docs/docs/pgd/5/security/role-management.mdx index 6960ae18f8a..cc32a697155 100644 --- a/product_docs/docs/pgd/5/security/role-management.mdx +++ b/product_docs/docs/pgd/5/security/role-management.mdx @@ -53,14 +53,14 @@ nodes, such that following stipulations are satisfied: - It owns all database objects to replicate, either directly or from permissions from the owner roles. -Additionally, if any non-default extensions (excluding the `bdr` extension -itself) are present on the source node, and any of these can only be installed -by a superuser, these extensions must be created manually (by a superuser) on -the join target node, otherwise the join process will fail. +Also, if any non-default extensions (excluding the BDR extension) +are present on the source node, and any of these can be installed only +by a superuser, a superuser must create these extensions manually on +the join target node. Otherwise the join process will fail. -In PostgreSQL 13 and later, extensions requiring superuser permission and which -therefore need to be manually installed, can be identified by executing (on the -source node): +In PostgreSQL 13 and later, you can identify the extensions requiring superuser permission and +that must be manually installed. On the +source node, execute: ```sql SELECT name, (trusted IS FALSE AND superuser) AS superuser_only @@ -68,7 +68,7 @@ source node): WHERE installed AND name != 'bdr'; ``` -Once all nodes are joined, to continue to allow DML and DDL replication, you can reduce the permissions further to the following: +Once all nodes are joined, to continue to allow DML and DDL replication, you can further reduce the permissions to the following: - The user has the `REPLICATION` attribute. - It inherits the bdr_superuser role.