Would it be necessary to disambiguate? Wouldn't individual_user's privileges be a union of all of the privileges of all the groups of which it is a part? That seems to be how it works in the core postgres functionality: If local_group_1 is a role with privileges on table_a and table_b, and local_group_2 is a role with privileges on table_c, then after grant local_group_1 to individual_user; grant local_group_2 to individual_user; individual_user now has privileges on table_a, table_b, and table_c. But if local_group_2 also has a user mapping on foreign_table_x, individual_user inherits the privileges on table_c, but not foreign_table_x. Or am I misunderstanding you? Is there something about foreign tables that precludes the role inheritance from working the same way it does with native tables? Thanks, Natalie > On Jul 16, 2015, at 1:16 PM, Tom Lane <tgl@xxxxxxxxxxxxx> wrote: > > Natalie Wenz <nataliewenz@xxxxxxxxxxx> writes: >> Is there a way to tell postgres_fdw to allow individual_user to inherit >> user mappings from groups of which it is a part? > > No. How would you disambiguate if the current role were a member of > multiple groups? > > regards, tom lane -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
