Hi again Tom,
I re-read your point 2. “You don't want to grant USAGE on the foreign server to the localuser, either.” to find out this was exactly the solution I was looking for. That is: it's fine to not let the basic user create the foreign tables.
Wow, it was as easy as moving the foreign table creations up to a higher “admin” level and giving only classical “select” grants to my local “basic” user. That's it, it works! When the basic user tries to list the existing user mappings of the database the “FDW options” column is now empty thus not revealing the remote server's username and password.
Thank you very much !
On Wed, 3 Jun 2020 at 22:22, Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote:
On 6/3/20 4:11 AM, Paul Bonaud wrote:
> Hi Tom,
>
> Thank you very much for your answer.
>
> I was worried to get this kind of solution, i.e. “don't be so miserly as
> not to create a separate one for each privilege level you need.”,
> however in the case of a remote database **you have no control over**it
> sounds pretty impossible to do.
>
> If I understand correctly, my initial question doesn't have a solution
> within postgres, does this sound right?
As it stands now I can't think of one. You might reach out to the
postgres_fdw folks and see if they could get it to use a service file:
https://www.postgresql.org/docs/12/libpq-pgservice.html
Then the user mapping could use information the end user can't see
unless they had permissions on the file system.
>
> Thanks again !
> Paul
> **
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx