| From: | Ashutosh Bapat <ashutosh(dot)bapat(at)enterprisedb(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, Andreas Karlsson <andreas(at)proxel(dot)se>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [HACKERS] postgres_fdw super user checks |
| Date: | 2017-11-29 10:00:17 |
| Message-ID: | CAFjFpRfsQftys4Nr9btNANXJGKqyuTNCB75CP8sLzSQMOvKGrA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Nov 29, 2017 at 4:56 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>
> Just to make it clear, I continue to agree with (3) and agree with Tom
> that we shouldn't be behaving differently depending on who is calling
> the view.
I also would vote for 3. That looks consistent with the way we handle
accesses based on owner of a view generally (without foreign tables
involved).
>
> The "global rethink" being contemplated seems to be more about
> authentication forwarding than it is about this specific change. If
> there's some 'global rethink' which is actually applicable to this
> specific deviation from the usual "use the view's owner for privilege
> checks", then it's unclear to me what that is.
Global rethink may constitute other authentication methods like
certificate based authentication. But I am not clear about global
rethink in the context of owner privileges problem being discussed
here.
--
Best Wishes,
Ashutosh Bapat
EnterpriseDB Corporation
The Postgres Database Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2017-11-29 10:30:42 | Re: [HACKERS] CUBE seems a bit confused about ORDER BY |
| Previous Message | amul sul | 2017-11-29 09:55:47 | Re: [HACKERS] Restrict concurrent update/delete with UPDATE of partition key |