postgres_fdw has some checks to enforce that non-superusers must connect to the foreign server with a password-based method. The reason for this is to prevent the authentication to the foreign server from happening on the basis of the OS user who is running the non-foreign server.
But I think these super user checks should be run against the userid of the USER MAPPING being used for the connection, not the userid of currently logged on user. That is, I think the last line in this script should succeed: ('jjanes' is both a superuser, and a database): CREATE EXTENSION IF NOT EXISTS postgres_fdw WITH SCHEMA public; CREATE SERVER foo FOREIGN DATA WRAPPER postgres_fdw; CREATE USER MAPPING FOR jjanes SERVER foo; CREATE TABLE foobar1 ( x integer); CREATE FOREIGN TABLE foobar2 ( x integer) SERVER foo OPTIONS ( table_name 'foobar1'); CREATE VIEW foobar3 AS SELECT foobar2.x FROM foobar2; CREATE USER test; GRANT SELECT ON TABLE foobar3 TO test; \c jjanes test select * from foobar3; It connects back to itself, simply for demonstration purposes. The attached patch implements this change in auth checking. Cheers, Jeff
postgres_fdw_superuser.patch
Description: Binary data
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers