This is just a test to see how feasible is to remove the SECURITY DEFINER and have regular users setup their FDW. There are still problems with this approach: - need to grant the usage of postgres_fdw (no big issue) - need CREATEROLE privilege. A problem in itself (see the NOTES https://www.postgresql.org/docs/current/sql-createrole.html) Aside from those, there are still practical problems: ``` > Executing query 'SELECT cartodb.CDB_SetUp_User_Foreign_Server('test_user_fdw', '{ "server": { "extensions": "postgis", "dbname": "fdw_target", "host": "localhost", "port": 5432 }, "user_mapping": { "user": "fdw_user", "password": "foobarino" } }');' as cdb_testmember_1 ERROR: permission denied for foreign-data wrapper postgres_fdw CONTEXT: SQL statement "ALTER SERVER test_user_fdw OWNER TO test_user_fdw" PL/pgSQL function cdb_setup_user_foreign_server(name,json) line 32 at EXECUTE ```user-defined-fdw-no-sec-definer
parent
1189d70b2a
commit
67663c79aa
Loading…
Reference in new issue