| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Paul Bonaud <paul(at)bonaud(dot)fr>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Fine grained permissions on User Mapping |
| Date: | 2020-06-03 20:22:25 |
| Message-ID: | e7b6bc2c-3e62-41ef-1925-3879fe5a2259@aklaver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 6/3/20 4:11 AM, Paul Bonaud wrote:
> Hi Tom,
>
> Thank you very much for your answer.
>
> I was worried to get this kind of solution, i.e. “don't be so miserly as
> not to create a separate one for each privilege level you need.”,
> however in the case of a remote database **you have no control over**it
> sounds pretty impossible to do.
>
> If I understand correctly, my initial question doesn't have a solution
> within postgres, does this sound right?
As it stands now I can't think of one. You might reach out to the
postgres_fdw folks and see if they could get it to use a service file:
https://www.postgresql.org/docs/12/libpq-pgservice.html
Then the user mapping could use information the end user can't see
unless they had permissions on the file system.
>
> Thanks again !
> Paul
> **
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2020-06-03 20:46:51 | Re: GPG signing |
| Previous Message | Alvaro Herrera | 2020-06-03 20:10:55 | Re: pg_dump of database with numerous objects |