Re: [HACKERS] postgres_fdw super user checks

Ashutosh,

* Ashutosh Bapat (ashutosh.bapat@enterprisedb.com) wrote:
> On Wed, Nov 29, 2017 at 4:56 AM, Stephen Frost <sfrost@snowman.net> wrote:
> > The "global rethink" being contemplated seems to be more about
> > authentication forwarding than it is about this specific change.  If
> > there's some 'global rethink' which is actually applicable to this
> > specific deviation from the usual "use the view's owner for privilege
> > checks", then it's unclear to me what that is.
>
> Global rethink may constitute other authentication methods like
> certificate based authentication. But I am not clear about global
> rethink in the context of owner privileges problem being discussed
> here.

Right, I'm all for an independent discussion about how we can have
same-cluster or cross-cluster trust relationships set up to make it
easier for users in one cluster/database to access tables in another
that they should be allowed to, but that's a different topic from this.

In other words, I think we're agreeing here. :)

Thanks!

Stephen