On Thu, Oct 5, 2017 at 10:49 AM, Simon Riggs <si...@2ndquadrant.com> wrote:
> On 4 October 2017 at 18:13, Jeff Janes <jeff.ja...@gmail.com> wrote: > > > OK. And if you want the first one, you can wrap it in a view currently, > but > > if it were changed I don't know what you would do if you want the 2nd one > > (other than having every user create their own set of foreign tables). > So I > > guess the current situation is more flexible. > > Sounds like it would be a useful option on a Foreign Server to allow > it to run queries as either the invoker or the owner. We have that > choice for functions, so we already have the concept and syntax > available. We could have another default at FDW level that specifies > what the default is for that type of FDW, and if that is not > specified, we keep it like it currently is. > To go further off topic, I'd like to have the invoker vs definer security options available even for plain old views as well. Sometimes I want create a view so that I can let people see, in a controlled manner, things they couldn't otherwise see. But more often I just want to provide a convenience wrapper around ugly SQL without accidentally granting people additional privileges. Cheers, Jeff
