Re: [HACKERS] postgres_fdw super user checks

On Wed, Nov 29, 2017 at 4:56 AM, Stephen Frost <sfrost@snowman.net> wrote:

>
> Just to make it clear, I continue to agree with (3) and agree with Tom
> that we shouldn't be behaving differently depending on who is calling
> the view.

I also would vote for 3. That looks consistent with the way we handle
accesses based on owner of a view generally (without foreign tables
involved).

>
> The "global rethink" being contemplated seems to be more about
> authentication forwarding than it is about this specific change.  If
> there's some 'global rethink' which is actually applicable to this
> specific deviation from the usual "use the view's owner for privilege
> checks", then it's unclear to me what that is.

Global rethink may constitute other authentication methods like
certificate based authentication. But I am not clear about global
rethink in the context of owner privileges problem being discussed
here.
-- 
Best Wishes,
Ashutosh Bapat
EnterpriseDB Corporation
The Postgres Database Company