Re: postgres_fdw user mapping and role inheritance

Поиск
Список
Период
Сортировка
От Natalie Wenz
Тема Re: postgres_fdw user mapping and role inheritance
Дата
Msg-id 3E881F5D-9197-4131-A2C5-D7449DA6EF77@ebureau.com
обсуждение исходный текст
Ответ на Re: postgres_fdw user mapping and role inheritance  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-admin
Oh! I didn't know that was possible! And then I looked in the documentation and there it was, very clearly explained.
(Thatdoesn't surprise me at all; I've always appreciated how clear and thorough the Postgres documentation is.) That
willwork beautifully for us; thanks again for your help. I promise to scour the documentation more carefully before I
bugthe mailing list next time. :) 

Thanks,
Natalie

> On Jul 17, 2015, at 12:59 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Natalie Wenz <nataliewenz@ebureau.com> writes:
>> Oh! Of course! The local database doesn't know anything about the role privileges on the remote database, so the
informationisn't even available on the local database to somehow take the union of all the privileges of foo and bar
becausethey are defined on the remote database. Thanks for responding. I got so wrapped up in our simple use case
(whereany individual_user in the local_group would connect to foreign_server as the same foreign_user) and couldn't
comeup with a counter example.  
>
>> For our use case, can you think of any other way to do it besides creating a user mapping for every member of
local_group?Gilberto's suggestion of setting the session authorization (I think?) won't work because the
individual_usersdon't have privileges to set that. ("ERROR:  permission denied to set session authorization") 
>
> Would it work for them to do SET ROLE to the group whose mapping they want
> to use?  IIRC that's allowed for any member of the group.  The problem
> with this is that their privileges for local operations are also affected,
> so maybe that doesn't help you.
>
>             regards, tom lane



В списке pgsql-admin по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: pg_dump error
Следующее
От: rabi maibam
Дата:
Сообщение: more is not recognized as an internal or external command, operable program or batch file in psql in windows 7