This is just a test to see how feasible is to remove the SECURITY
DEFINER and have regular users setup their FDW.
There are still problems with this approach:
- need to grant the usage of postgres_fdw (no big issue)
- need CREATEROLE privilege. A problem in itself (see the NOTES
https://www.postgresql.org/docs/current/sql-createrole.html)
Aside from those, there are still practical problems:
```
> Executing query 'SELECT cartodb.CDB_SetUp_User_Foreign_Server('test_user_fdw', '{
"server": {
"extensions": "postgis",
"dbname": "fdw_target",
"host": "localhost",
"port": 5432
},
"user_mapping": {
"user": "fdw_user",
"password": "foobarino"
}
}');' as cdb_testmember_1
ERROR: permission denied for foreign-data wrapper postgres_fdw
CONTEXT: SQL statement "ALTER SERVER test_user_fdw OWNER TO test_user_fdw"
PL/pgSQL function cdb_setup_user_foreign_server(name,json) line 32 at EXECUTE
```
5 years ago
2 changed files with 11 additions and 10 deletions