From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
---|---|
To: | Simon Riggs <simon(at)2ndquadrant(dot)com> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Andreas Karlsson <andreas(at)proxel(dot)se>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] postgres_fdw super user checks |
Date: | 2017-12-12 04:47:31 |
Message-ID: | CAMkU=1wGFQU8SfpW2coGLAKx-GLmbvpb1Hv5W_=SZ2HvxR+vaw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Oct 5, 2017 at 10:49 AM, Simon Riggs <simon(at)2ndquadrant(dot)com> wrote:
> On 4 October 2017 at 18:13, Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote:
>
>
> OK. And if you want the first one, you can wrap it in a view currently,
> but
> > if it were changed I don't know what you would do if you want the 2nd one
> > (other than having every user create their own set of foreign tables).
> So I
> > guess the current situation is more flexible.
>
> Sounds like it would be a useful option on a Foreign Server to allow
> it to run queries as either the invoker or the owner. We have that
> choice for functions, so we already have the concept and syntax
> available. We could have another default at FDW level that specifies
> what the default is for that type of FDW, and if that is not
> specified, we keep it like it currently is.
>
To go further off topic, I'd like to have the invoker vs definer security
options available even for plain old views as well. Sometimes I want
create a view so that I can let people see, in a controlled manner, things
they couldn't otherwise see. But more often I just want to provide a
convenience wrapper around ugly SQL without accidentally granting people
additional privileges.
Cheers,
Jeff
From | Date | Subject | |
---|---|---|---|
Next Message | Jeff Janes | 2017-12-12 04:59:00 | Re: [HACKERS] postgres_fdw super user checks |
Previous Message | Andres Freund | 2017-12-12 04:43:30 | Re: Using ProcSignal to get memory context stats from a running backend |