no mention of GRANT USAGE in postgres_fdw docs

* no mention of GRANT USAGE in postgres_fdw docs

From: PG Doc comments form @ 2019-11-14 22:29 UTC (permalink / raw)
  To: [email protected]; +Cc: [email protected]

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/12/postgres-fdw.html
Description:

The documentation page for postgres_fdw
<https://www.postgresql.org/docs/current/postgres-fdw.html> gives a nice
step by step on what's needed to configure a FOREIGN SERVER.  However, one
crucial step is missed, and that is that you need to issue GRANT USAGE ON
FOREIGN SERVER before you can successfully run step 4, IMPORT FOREIGN
SCHEMA.
Fortunately, I was able to get help on this from some kind folks in
#postgresql on IRC, but the documentation should be updated to include this
step.

Thanks,
--Joe



* Re: no mention of GRANT USAGE in postgres_fdw docs

From: Tom Lane @ 2019-11-15 19:04 UTC (permalink / raw)
  To: [email protected]; +Cc: [email protected]

PG Doc comments form <[email protected]> writes:
> The documentation page for postgres_fdw
> <https://www.postgresql.org/docs/current/postgres-fdw.html> gives a nice
> step by step on what's needed to configure a FOREIGN SERVER.  However, one
> crucial step is missed, and that is that you need to issue GRANT USAGE ON
> FOREIGN SERVER before you can successfully run step 4, IMPORT FOREIGN
> SCHEMA.

That paragraph links to the IMPORT FOREIGN SCHEMA reference page,
which says

    To use IMPORT FOREIGN SCHEMA, the user must have USAGE privilege on
    the foreign server, as well as CREATE privilege on the target schema.

I'm not clear why we should duplicate that information here, especially
when we're not duplicating any of the other essential information about
how to use IMPORT FOREIGN SCHEMA.  Nor does this summary mention the
privilege requirements for any of the other commands it suggests using.

Is there some reason why this was particularly hard to discover?
I'd have expected that you got a reasonably clear permissions-
failure error from the IMPORT.  If you didn't, maybe there's an
opportunity to improve that.

			regards, tom lane






* Re: no mention of GRANT USAGE in postgres_fdw docs

From: David G. Johnston @ 2019-11-15 19:42 UTC (permalink / raw)
  To: Tom Lane <[email protected]>; +Cc: [email protected]; [email protected]

On Fri, Nov 15, 2019 at 12:05 PM Tom Lane <[email protected]> wrote:

> PG Doc comments form <[email protected]> writes:
> > The documentation page for postgres_fdw
> > <https://www.postgresql.org/docs/current/postgres-fdw.html> gives a nice
> > step by step on what's needed to configure a FOREIGN SERVER.  However, one
> > crucial step is missed, and that is that you need to issue GRANT USAGE ON
> > FOREIGN SERVER before you can successfully run step 4, IMPORT FOREIGN
> > SCHEMA.
>
> That paragraph links to the IMPORT FOREIGN SCHEMA reference page,
> which says
>
>     To use IMPORT FOREIGN SCHEMA, the user must have USAGE privilege on
>     the foreign server, as well as CREATE privilege on the target schema.
>
> I'm not clear why we should duplicate that information here, especially
> when we're not duplicating any of the other essential information about
> how to use IMPORT FOREIGN SCHEMA.  Nor does this summary mention the
> privilege requirements for any of the other commands it suggests using.
>

The overview page says: "Create a user mapping, using CREATE USER MAPPING,
for each database user you want to allow to access each foreign server."
It seems reasonable to add that you need to grant those same users the
USAGE privilege on each foreign server as well.  The bullet list does seem
like it is inclusive of all the major SQL Commands that are needed to make
this work and since it doesn't just speak of setting up the owner's
permissions mentioning GRANT, while slightly redundant, seems in scope.

David J.



* Re: no mention of GRANT USAGE in postgres_fdw docs

From: Tom Lane @ 2019-11-15 19:50 UTC (permalink / raw)
  To: David G. Johnston <[email protected]>; +Cc: [email protected]; [email protected]

"David G. Johnston" <[email protected]> writes:
> On Fri, Nov 15, 2019 at 12:05 PM Tom Lane <[email protected]> wrote:
>> I'm not clear why we should duplicate that information here, especially
>> when we're not duplicating any of the other essential information about
>> how to use IMPORT FOREIGN SCHEMA.  Nor does this summary mention the
>> privilege requirements for any of the other commands it suggests using.

> The overview page says: "Create a user mapping, using CREATE USER MAPPING,
> for each database user you want to allow to access each foreign server."
> It seems reasonable to add that you need to grant those same users the
> USAGE privilege on each foreign server as well.

But you don't necessarily, do you?  I think you only need that to
create a foreign table referencing the server, not to use one that
somebody else created.  (Too lazy to check the details right now.)

Anyway, my point is that details like this belong in the respective
command man pages.  If we were to copy them into postgres-fdw's
summary, we'd never remember to update that if they changed.

			regards, tom lane
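
The privilege split debated in this thread, written out as an added SQL example (not from the postgres_fdw documentation or from any poster): one role gets the two privileges the IMPORT FOREIGN SCHEMA reference page names, while a second role gets only a user mapping and table-level SELECT. The role names `importer` and `reader`, the server `remote_pg`, the schema `remote_app`, and the host and credentials are constructed placeholders, and the IMPORT step assumes the remote server is reachable.

```sql
-- Added illustration; every role, server, schema and host name is constructed.
-- Run as a superuser on the local database.
CREATE EXTENSION IF NOT EXISTS postgres_fdw;

CREATE ROLE importer LOGIN;   -- will run IMPORT FOREIGN SCHEMA
CREATE ROLE reader   LOGIN;   -- will only query the imported tables

CREATE SERVER remote_pg
    FOREIGN DATA WRAPPER postgres_fdw
    OPTIONS (host 'remote.example.internal', port '5432', dbname 'appdb');

-- The server owner creates the mappings, so neither role needs USAGE for this.
CREATE USER MAPPING FOR importer SERVER remote_pg
    OPTIONS (user 'remote_ro', password 'placeholder-password');
CREATE USER MAPPING FOR reader SERVER remote_pg
    OPTIONS (user 'remote_ro', password 'placeholder-password');

CREATE SCHEMA remote_app;

-- The two privileges the IMPORT FOREIGN SCHEMA reference page requires.
GRANT USAGE  ON FOREIGN SERVER remote_pg TO importer;
GRANT CREATE ON SCHEMA remote_app       TO importer;

-- Pre-flight check before handing the role to someone else.
SELECT has_server_privilege('importer', 'remote_pg',  'USAGE')  AS server_usage,
       has_schema_privilege('importer', 'remote_app', 'CREATE') AS schema_create;

SET ROLE importer;
IMPORT FOREIGN SCHEMA public FROM SERVER remote_pg INTO remote_app;
RESET ROLE;

-- reader receives object-level access only; no GRANT USAGE ON FOREIGN SERVER
-- is issued for it.
GRANT USAGE  ON SCHEMA remote_app               TO reader;
GRANT SELECT ON ALL TABLES IN SCHEMA remote_app TO reader;

-- Audit what each role holds on the server itself.
SELECT r.rolname,
       has_server_privilege(r.rolname, 'remote_pg', 'USAGE') AS server_usage
FROM pg_roles AS r
WHERE r.rolname IN ('importer', 'reader');
```

Per the GRANT reference page, USAGE on a foreign server covers creating foreign tables on that server and managing one's own user mapping, so it can be withheld from roles that only read tables someone else imported.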





