On Wed, Nov 29, 2017 at 4:56 AM, Stephen Frost <sfrost@snowman.net> wrote:
>
> Just to make it clear, I continue to agree with (3) and agree with Tom
> that we shouldn't be behaving differently depending on who is calling
> the view.
I also would vote for 3. That looks consistent with the way we handle
accesses based on owner of a view generally (without foreign tables
involved).
>
> The "global rethink" being contemplated seems to be more about
> authentication forwarding than it is about this specific change. If
> there's some 'global rethink' which is actually applicable to this
> specific deviation from the usual "use the view's owner for privilege
> checks", then it's unclear to me what that is.
Global rethink may constitute other authentication methods like
certificate based authentication. But I am not clear about global
rethink in the context of owner privileges problem being discussed
here.
--
Best Wishes,
Ashutosh Bapat
EnterpriseDB Corporation
The Postgres Database Company
