Re: [HACKERS] postgres_fdw super user checks

Robert, Ashutosh,

* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> On Mon, Dec 4, 2017 at 5:57 PM, Ashutosh Bapat
> <ashutosh(dot)bapat(at)enterprisedb(dot)com> wrote:
> > I think the real behaviour can be described as something like this:
> >
> > "Only superusers may connect to foreign servers without password
> > authentication, so always specify the <literal>password</literal>
> > option for user mappings that may be used by non-superusers." But
> > which user mappings may be used by non-superusers can not be defined
> > without explaining views owned by superusers. I don't think we should
> > be talking about views in that part of documentation.
>
> Well, if we don't, then I'm not sure we can really make this clear.

Yeah, I'm pretty sure we need to spell out the situation around views
here because it's different from how views normally work as discussed in
Rules and Privileges.

I'll note that the Rules and Privileges section could use a bit of love
too- the v10 docs have:

"Due to rewriting of queries by the PostgreSQL rule system, other
tables/views than those used in the original query get accessed. When
update rules are used, this can include write access to tables."

Which isn't really accurate since simple updatable views were added.

Looking at it more though, really, I think that whole page needs to be
re-cast to be about *views* and stop talking about rules. That's really
a seperate discussino to have though.

> Anyhow, I've committed the patch to master for now; we can keep
> arguing about what, if anything, to do for back-branch documentation.

Thanks!

Stephen