Re: [HACKERS] postgres_fdw super user checks

On Tue, Dec 5, 2017 at 2:49 AM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Sun, Dec 3, 2017 at 3:42 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> I'm not a fan of having *only* warning in the back-branches. What I
>> would think we'd do here is correct the back-branch documentation to be
>> correct, and then add a warning that it changes in v11.
>>
>> You didn't suggest an actual change wrt the back-branch warning, but it
>> seems to me like it'd end up being morally equivilant to "ok, forget
>> what we just said, what really happens is X, but we fix it in v11."
>
> Yeah, I'm very unclear what, if anything, to do about the back-branch
> documentation. Suggestions appreciated.

I think the real behaviour can be described as something like this:

"Only superusers may connect to foreign servers without password
authentication, so always specify the <literal>password</literal>
option for user mappings that may be used by non-superusers." But
which user mappings may be used by non-superusers can not be defined
without explaining views owned by superusers. I don't think we should
be talking about views in that part of documentation.

--
Best Wishes,
Ashutosh Bapat
EnterpriseDB Corporation
The Postgres Database Company