On Fri, Jul 22, 2011 at 12:02 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Robert Haas <robertmhaas@gmail.com> writes:
>> On Fri, Jul 22, 2011 at 10:01 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> I am not, however, convinced that that's a legitimate reading of the SQL
>>> spec. Surely user mappings are meant to constrain which users can
>>> connect to a given foreign server.
>
>> Surely that's the job for the table's ACL, no?
>
> No, a table ACL constrains access to a table. Different issue.
>
> In particular I find the following in SQL-MED:2008 4.14.1:
>
> NOTE 9 - Privileges granted on foreign tables are not privileges to use
> the data constituting foreign tables, but privileges to use the
> definitions of the foreign tables. The privileges to access the data
> constituting the foreign tables are enforced by the foreign server,
> based on the user mapping. Consequently, a request by an SQL-client to
> access external data may raise exceptions.
I read that to mean that the remote side might chuck an error
depending on the credentials used to connect. I don't read it to be
saying that the local side is required to do anything in particular.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company