public inbox for [email protected]
help / color / mirror / Atom feedFrom: David G. Johnston <[email protected]>
To: Tom Lane <[email protected]>
Cc: [email protected]
Cc: [email protected]
Subject: Re: no mention of GRANT USAGE in postgres_fdw docs
Date: Fri, 15 Nov 2019 12:42:16 -0700
Message-ID: <CAKFQuwbLyaAv8i9q_82kD+UNCet4emWgOy2PiQ8LT6Ld7r+KWg@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
On Fri, Nov 15, 2019 at 12:05 PM Tom Lane <[email protected]> wrote:
> PG Doc comments form <[email protected]> writes:
> > The documentation page for postgres_fdw
> > <https://www.postgresql.org/docs/current/postgres-fdw.html; gives a nice
> > step by step on what's needed to configure a FOREIGN SERVER. However,
> one
> > crucial step is missed, and that is that you need to issue GRANT USAGE ON
> > FOREIGN SERVER before you can successfully run step 4, IMPORT FOREIGN
> > SCHEMA.
>
> That paragraph links to the IMPORT FOREIGN SCHEMA reference page,
> which says
>
> To use IMPORT FOREIGN SCHEMA, the user must have USAGE privilege on
> the foreign server, as well as CREATE privilege on the target schema.
>
> I'm not clear why we should duplicate that information here, especially
> when we're not duplicating any of the other essential information about
> how to use IMPORT FOREIGN SCHEMA. Nor does this summary mention the
> privilege requirements for any of the other commands it suggests using.
>
The overview page says: "Create a user mapping, using CREATE USER MAPPING,
for each database user you want to allow to access each foreign server."
It seems reasonable to add that you need to grant those same users the
USAGE privilege on each foreign server as well. The bullet list does seem
like it is inclusive of all the major SQL Commands that are needed to make
this work and since it doesn't just speak of setting up the owner's
permissions mentioning GRANT, while slightly redundant, seems in scope.
David J.
view thread (4+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: no mention of GRANT USAGE in postgres_fdw docs
In-Reply-To: <CAKFQuwbLyaAv8i9q_82kD+UNCet4emWgOy2PiQ8LT6Ld7r+KWg@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox