On Fri, Jul 22, 2011 at 12:02 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Robert Haas <robertmh...@gmail.com> writes: >> On Fri, Jul 22, 2011 at 10:01 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: >>> I am not, however, convinced that that's a legitimate reading of the SQL >>> spec. Surely user mappings are meant to constrain which users can >>> connect to a given foreign server. > >> Surely that's the job for the table's ACL, no? > > No, a table ACL constrains access to a table. Different issue. > > In particular I find the following in SQL-MED:2008 4.14.1: > > NOTE 9 - Privileges granted on foreign tables are not privileges to use > the data constituting foreign tables, but privileges to use the > definitions of the foreign tables. The privileges to access the data > constituting the foreign tables are enforced by the foreign server, > based on the user mapping. Consequently, a request by an SQL-client to > access external data may raise exceptions.
I read that to mean that the remote side might chuck an error depending on the credentials used to connect. I don't read it to be saying that the local side is required to do anything in particular. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
