Participants
Vladimir Ryabtsev
Vladimir Ryabtsev
Tom Lane
Tom Lane
Attachments
Show all attachments
Thread Outline
#1Vladimir RyabtsevVladimir Ryabtsev
Jul 17, 2019
#2Vladimir RyabtsevVladimir Ryabtsevto Vladimir Ryabtsev (#1)
Jul 17, 2019
#3Tom LaneTom Laneto Vladimir Ryabtsev (#1)
Jul 21, 2019

User mapping: view over a foreign table

Started by Vladimir Ryabtsevover 6 years ago3 messagesbugs
Jump to latest
#1Vladimir Ryabtsev
Vladimir Ryabtsev
greatvovan@gmail.com

Supposing I have a foreign table F and a view V that selects rows from F.

The owner of F is USER1.
The owner of V is USER2.
The currently logged user is "me".

When I query the foreign table F, the DBMS engine looks for USER MAPPING
for "me", regardless of who is the owner of the table.

When I query the view V, the engine searches the USER MAPPING for USER2 who
is the owner of the view.

This looks inconsistent and misleading. I wonder, are there any reasons
behind this design decision? Is it documented somewhere (I did not find it)?

Regards,
Vlad

#2Vladimir Ryabtsev
Vladimir Ryabtsev
greatvovan@gmail.com
In reply to: Vladimir Ryabtsev (#1)
Re: User mapping: view over a foreign table

My DB version(): PostgreSQL 10.3 (Ubuntu 10.3-1.pgdg14.04+1) on
x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 4.8.4-2ubuntu1~14.04.4) 4.8.4,
64-bit

ср, 17 июл. 2019 г. в 14:24, Vladimir Ryabtsev <greatvovan@gmail.com>:

Show quoted text

Supposing I have a foreign table F and a view V that selects rows from F.

The owner of F is USER1.
The owner of V is USER2.
The currently logged user is "me".

When I query the foreign table F, the DBMS engine looks for USER MAPPING
for "me", regardless of who is the owner of the table.

When I query the view V, the engine searches the USER MAPPING for USER2
who is the owner of the view.

This looks inconsistent and misleading. I wonder, are there any reasons
behind this design decision? Is it documented somewhere (I did not find it)?

Regards,
Vlad

#3Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Vladimir Ryabtsev (#1)
Re: User mapping: view over a foreign table

Vladimir Ryabtsev <greatvovan@gmail.com> writes:

Supposing I have a foreign table F and a view V that selects rows from F.
The owner of F is USER1.
The owner of V is USER2.
The currently logged user is "me".

When I query the foreign table F, the DBMS engine looks for USER MAPPING
for "me", regardless of who is the owner of the table.

When I query the view V, the engine searches the USER MAPPING for USER2 who
is the owner of the view.

This looks inconsistent and misleading.

AFAICS, it's exactly parallel to the handling of SQL permissions for
the foreign table. If you query F directly, you must have SELECT
permissions on F (or whatever is appropriate for your query type).
If you query F via V, you must have SELECT on V and the owner of V
must have SELECT on F.

regards, tom lane

← Back to Topics