From: | Natalie Wenz <nataliewenz(at)ebureau(dot)com> |
---|---|
To: | "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | Re: postgres_fdw user mapping and role inheritance |
Date: | 2015-07-16 19:10:09 |
Message-ID: | 32B4D87F-0466-467A-9F2B-00F696E9E056@ebureau.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Would it be necessary to disambiguate? Wouldn't individual_user's privileges be a union of all of the privileges of all the groups of which it is a part? That seems to be how it works in the core postgres functionality:
If local_group_1 is a role with privileges on table_a and table_b, and local_group_2 is a role with privileges on table_c, then after
grant local_group_1 to individual_user;
grant local_group_2 to individual_user;
individual_user now has privileges on table_a, table_b, and table_c.
But if local_group_2 also has a user mapping on foreign_table_x, individual_user inherits the privileges on table_c, but not foreign_table_x.
Or am I misunderstanding you? Is there something about foreign tables that precludes the role inheritance from working the same way it does with native tables?
Thanks,
Natalie
> On Jul 16, 2015, at 1:16 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Natalie Wenz <nataliewenz(at)ebureau(dot)com> writes:
>> Is there a way to tell postgres_fdw to allow individual_user to inherit
>> user mappings from groups of which it is a part?
>
> No. How would you disambiguate if the current role were a member of
> multiple groups?
>
> regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Gilberto Castillo | 2015-07-16 19:22:32 | Re: [E-MASIVO][E-MASIVO]postgres_fdw user mapping and role inheritance |
Previous Message | Kevin Grittner | 2015-07-16 18:39:34 | Re: Automatic restore corruption problem |