postgres
diff --git a/‎doc/src/sgml/ref/alter_subscription.sgml
Copy file name to clipboardExpand all lines: doc/src/sgml/ref/alter_subscription.sgml
+9-7 b/‎doc/src/sgml/ref/alter_subscription.sgml
Copy file name to clipboardExpand all lines: doc/src/sgml/ref/alter_subscription.sgml
+9-7
diff --git a/‎doc/src/sgml/ref/create_subscription.sgml
Copy file name to clipboardExpand all lines: doc/src/sgml/ref/create_subscription.sgml
+21-1 b/‎doc/src/sgml/ref/create_subscription.sgml
Copy file name to clipboardExpand all lines: doc/src/sgml/ref/create_subscription.sgml
+21-1
diff --git a/‎doc/src/sgml/ref/drop_subscription.sgml
Copy file name to clipboardExpand all lines: doc/src/sgml/ref/drop_subscription.sgml
+1-1 b/‎doc/src/sgml/ref/drop_subscription.sgml
Copy file name to clipboardExpand all lines: doc/src/sgml/ref/drop_subscription.sgml
+1-1
diff --git a/‎doc/src/sgml/user-manag.sgml
Copy file name to clipboardExpand all lines: doc/src/sgml/user-manag.sgml
+6 b/‎doc/src/sgml/user-manag.sgml
Copy file name to clipboardExpand all lines: doc/src/sgml/user-manag.sgml
+6
diff --git a/‎src/backend/catalog/pg_subscription.c
Copy file name to clipboardExpand all lines: src/backend/catalog/pg_subscription.c
+1 b/‎src/backend/catalog/pg_subscription.c
Copy file name to clipboardExpand all lines: src/backend/catalog/pg_subscription.c
+1
diff --git a/‎src/backend/catalog/system_views.sql
Copy file name to clipboardExpand all lines: src/backend/catalog/system_views.sql
+1 b/‎src/backend/catalog/system_views.sql
Copy file name to clipboardExpand all lines: src/backend/catalog/system_views.sql
+1
diff --git a/‎src/backend/commands/alter.c
Copy file name to clipboardExpand all lines: src/backend/commands/alter.c
+24 b/‎src/backend/commands/alter.c
Copy file name to clipboardExpand all lines: src/backend/commands/alter.c
+24
@@ -46,10 +46,11 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO <
 
   <para>
    You must own the subscription to use <command>ALTER SUBSCRIPTION</command>.
-   To alter the owner, you must be able to <literal>SET ROLE</literal> to the
-   new owning role.  The new owner has to be a superuser.
-   (Currently, all subscription owners must be superusers, so the owner checks
-   will be bypassed in practice.  But this might change in the future.)
+   To rename a subscription or alter the owner, you must have
+   <literal>CREATE</literal> permission on the database. In addition,
+   to alter the owner, you must be able to <literal>SET ROLE</literal> to the
+   new owning role. If the subscription has
+   <literal>password_required=false</literal>, only superusers can modify it.
   </para>
 
   <para>
@@ -223,7 +224,9 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO <
       <link linkend="sql-createsubscription-with-binary"><literal>binary</literal></link>,
       <link linkend="sql-createsubscription-with-streaming"><literal>streaming</literal></link>,
       <link linkend="sql-createsubscription-with-disable-on-error"><literal>disable_on_error</literal></link>,
-      and <link linkend="sql-createsubscription-with-origin"><literal>origin</literal></link>.
+      <link linkend="sql-createsubscription-with-password-required"><literal>password_required</literal></link>, and
+      <link linkend="sql-createsubscription-with-origin"><literal>origin</literal></link>.
+      Only a superuser can set <literal>password_required = false</literal>.
      </para>
     </listitem>
    </varlistentry>
@@ -244,8 +247,7 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO <
       finishes a transaction, the LSN (stored in
       <structname>pg_subscription</structname>.<structfield>subskiplsn</structfield>)
       is cleared.  See <xref linkend="logical-replication-conflicts"/> for
-      the details of logical replication conflicts.  Using this command requires
-      superuser privilege.
+      the details of logical replication conflicts.
      </para>
 
      <para>
 
@@ -33,7 +33,8 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl
 
   <para>
    <command>CREATE SUBSCRIPTION</command> adds a new logical-replication
-   subscription.  The subscription name must be distinct from the name of
+   subscription.  The user that creates a subscription becomes the owner
+   of the subscription. The subscription name must be distinct from the name of
    any existing subscription in the current database.
   </para>
 
@@ -49,6 +50,12 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl
    unless the subscription is initially disabled.
   </para>
 
+  <para>
+   To be able to create a subscription, you must have the privileges of the
+   the <literal>pg_create_subscription</literal> role, as well as
+   <literal>CREATE</literal> privileges on the current database.
+  </para>
+
   <para>
    Additional information about subscriptions and logical replication as a
    whole is available at <xref linkend="logical-replication-subscription"/> and
@@ -365,6 +372,19 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl
          </para>
         </listitem>
        </varlistentry>
+
+       <varlistentry>
+        <term><literal>password_required</literal> (<type>string</type>)</term>
+        <listitem>
+         <para>
+          Specifies whether connections to the publisher made as a result
+          of this subscription must use password authentication. This setting
+          is ignored when the subscription is owned by a superuser.
+          The default is <literal>true</literal>. Only superusers can set
+          this value to <literal>false</literal>.
+         </para>
+        </listitem>
+       </varlistentry>
       </variablelist></para>
 
     </listitem>
 
@@ -34,7 +34,7 @@ DROP SUBSCRIPTION [ IF EXISTS ] <replaceable class="parameter">name</replaceable
   </para>
 
   <para>
-   A subscription can only be dropped by a superuser.
+   To execute this command the user must be the owner of the subscription.
   </para>
 
   <para>
 
@@ -699,6 +699,12 @@ DROP ROLE doomed_role;
        <entry>Allow use of connection slots reserved via
        <xref linkend="guc-reserved-connections"/>.</entry>
       </row>
+      <row>
+       <entry>pg_create_subscription</entry>
+       <entry>Allow users with <literal>CREATE</literal> permission on the
+       database to issue
+       <link linkend="sql-createsubscription"><command>CREATE SUBSCRIPTION</command></link>.</entry>
+      </row>
      </tbody>
     </tgroup>
    </table>
 
@@ -71,6 +71,7 @@ GetSubscription(Oid subid, bool missing_ok)
 	sub->stream = subform->substream;
 	sub->twophasestate = subform->subtwophasestate;
 	sub->disableonerr = subform->subdisableonerr;
+	sub->passwordrequired = subform->subpasswordrequired;
 
 	/* Get conninfo */
 	datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID,
 
@@ -1318,6 +1318,7 @@ REVOKE ALL ON pg_replication_origin_status FROM public;
 REVOKE ALL ON pg_subscription FROM public;
 GRANT SELECT (oid, subdbid, subskiplsn, subname, subowner, subenabled,
               subbinary, substream, subtwophasestate, subdisableonerr,
+			  subpasswordrequired,
               subslotname, subsynccommit, subpublications, suborigin)
     ON pg_subscription TO public;
 
 
@@ -24,6 +24,7 @@
 #include "catalog/objectaccess.h"
 #include "catalog/pg_collation.h"
 #include "catalog/pg_conversion.h"
+#include "catalog/pg_database_d.h"
 #include "catalog/pg_event_trigger.h"
 #include "catalog/pg_foreign_data_wrapper.h"
 #include "catalog/pg_foreign_server.h"
@@ -235,6 +236,29 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
 				aclcheck_error(aclresult, OBJECT_SCHEMA,
 							   get_namespace_name(namespaceId));
 		}
+
+		if (classId == SubscriptionRelationId)
+		{
+			Form_pg_subscription form;
+
+			/* must have CREATE privilege on database */
+			aclresult = object_aclcheck(DatabaseRelationId, MyDatabaseId,
+										GetUserId(), ACL_CREATE);
+			if (aclresult != ACLCHECK_OK)
+				aclcheck_error(aclresult, OBJECT_DATABASE,
+							   get_database_name(MyDatabaseId));
+
+			/*
+			 * Don't allow non-superuser modification of a subscription with
+			 * password_required=false.
+			 */
+			form = (Form_pg_subscription) GETSTRUCT(oldtup);
+			if (!form->subpasswordrequired && !superuser())
+				ereport(ERROR,
+						(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+						 errmsg("password_required=false is superuser-only"),
+						 errhint("Subscriptions with the password_required option set to false may only be created or modified by the superuser.")));
+		}
 	}
 
 	/*