Re: [HACKERS] postgres_fdw super user checks
| От | Ashutosh Bapat |
|---|---|
| Тема | Re: [HACKERS] postgres_fdw super user checks |
| Дата | |
| Msg-id | CAFjFpRe7M=-mar=PPK=LK9v9PvmGSbFuP4zz5SAQE0hjtd8biA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [HACKERS] postgres_fdw super user checks (Stephen Frost <sfrost@snowman.net>) |
| Список | pgsql-hackers |
On Wed, Nov 29, 2017 at 7:42 PM, Stephen Frost <sfrost@snowman.net> wrote: > Ashutosh, > > * Ashutosh Bapat (ashutosh.bapat@enterprisedb.com) wrote: >> On Wed, Nov 29, 2017 at 4:56 AM, Stephen Frost <sfrost@snowman.net> wrote: >> > The "global rethink" being contemplated seems to be more about >> > authentication forwarding than it is about this specific change. If >> > there's some 'global rethink' which is actually applicable to this >> > specific deviation from the usual "use the view's owner for privilege >> > checks", then it's unclear to me what that is. >> >> Global rethink may constitute other authentication methods like >> certificate based authentication. But I am not clear about global >> rethink in the context of owner privileges problem being discussed >> here. > > Right, I'm all for an independent discussion about how we can have > same-cluster or cross-cluster trust relationships set up to make it > easier for users in one cluster/database to access tables in another > that they should be allowed to, but that's a different topic from this. > > In other words, I think we're agreeing here. :) Yes. -- Best Wishes, Ashutosh Bapat EnterpriseDB Corporation The Postgres Database Company
В списке pgsql-hackers по дате отправления: