On Wed, Dec 6, 2017 at 1:35 AM, Robert Haas <robertmh...@gmail.com> wrote:
>> >> "Only superusers may connect to foreign servers without password >> authentication, so always specify the <literal>password</literal> >> option for user mappings that may be used by non-superusers." But >> which user mappings may be used by non-superusers can not be defined >> without explaining views owned by superusers. I don't think we should >> be talking about views in that part of documentation. > > Well, if we don't, then I'm not sure we can really make this clear. > > Anyhow, I've committed the patch to master for now; we can keep > arguing about what, if anything, to do for back-branch documentation. > Ok, something like this: "Only superusers may connect to foreign servers without password authentication, so always specify the <literal>password</literal> option for user mappings that may be used by non-superusers. Hence always specify the <literal>password</literal> option for a user mapping for a non-superuser. Consider a view referencing a foreign table and owned by a superuser but accessible to a non-superuser. When the non-superuser executes a query referencing the view, it uses superuser's user mapping to connect to the foreign server. Since a non-superuser is using the user mapping, it requires password, even though its a super-user's mapping. Hence specify the <literal>password</literal> option for a user mapping for a superuser, if the superuser has such views." That's a lot of explanation. And somehow we will have to say that this behaviour will change in the next version. -- Best Wishes, Ashutosh Bapat EnterpriseDB Corporation The Postgres Database Company
