| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Questions and experiences writing a Foreign Data Wrapper |
| Date: | 2011-07-22 16:02:22 |
| Message-ID: | 11225.1311350542@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Fri, Jul 22, 2011 at 10:01 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> I am not, however, convinced that that's a legitimate reading of the SQL
>> spec. Surely user mappings are meant to constrain which users can
>> connect to a given foreign server.
> Surely that's the job for the table's ACL, no?
No, a table ACL constrains access to a table. Different issue.
In particular I find the following in SQL-MED:2008 4.14.1:
NOTE 9 - Privileges granted on foreign tables are not privileges to use
the data constituting foreign tables, but privileges to use the
definitions of the foreign tables. The privileges to access the data
constituting the foreign tables are enforced by the foreign server,
based on the user mapping. Consequently, a request by an SQL-client to
access external data may raise exceptions.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2011-07-22 16:03:59 | Re: Policy on pulling in code from other projects? |
| Previous Message | Peter Geoghegan | 2011-07-22 16:01:28 | Re: libedit memory stomp is apparently fixed in OS X Lion |