Revise the permission checking on user mapping DDL commands.
CREATE/ALTER/DROP USER MAPPING are now allowed either by the server owner or by a user with USAGE privileges for his own user name. This is more or less what the SQL standard wants anyway (plus "implementation-defined") Hide information_schema.user_mapping_options.option_value, unless the current user is the one associated with the user mapping, or is the server owner and the mapping is for PUBLIC, or is a superuser. This is to protect passwords. Also, fix a bug in information_schema._pg_foreign_servers, which hid servers using wrappers where the current user did not have privileges on the wrapper. The correct behavior is to hide servers where the current user has no privileges on the server.
Showing
- doc/src/sgml/information_schema.sgml 7 additions, 2 deletionsdoc/src/sgml/information_schema.sgml
- doc/src/sgml/ref/alter_user_mapping.sgml 8 additions, 3 deletionsdoc/src/sgml/ref/alter_user_mapping.sgml
- doc/src/sgml/ref/create_user_mapping.sgml 8 additions, 3 deletionsdoc/src/sgml/ref/create_user_mapping.sgml
- doc/src/sgml/ref/drop_user_mapping.sgml 9 additions, 3 deletionsdoc/src/sgml/ref/drop_user_mapping.sgml
- src/backend/catalog/information_schema.sql 11 additions, 6 deletionssrc/backend/catalog/information_schema.sql
- src/backend/commands/foreigncmds.c 32 additions, 24 deletionssrc/backend/commands/foreigncmds.c
- src/test/regress/expected/foreign_data.out 11 additions, 4 deletionssrc/test/regress/expected/foreign_data.out
- src/test/regress/sql/foreign_data.sql 3 additions, 1 deletionsrc/test/regress/sql/foreign_data.sql
Loading
Please register or sign in to comment