author | Peter Eisentraut <peter_e@gmx.net> | 2009-01-20 09:10:20 +0000 |
---|---|---|
committer | Peter Eisentraut <peter_e@gmx.net> | 2009-01-20 09:10:20 +0000 |
commit | 93a6be63a55a8cd0d73b3fa81eb6a46013a3a974 | |
tree | 687e12b06f610c10bd3acf2210275fbeb7cdfb84 /doc/src | |
parent | fe626982182bd1c8cd2606027a4d49a2f31a01c3 |

Revise the permission checking on user mapping DDL commands.

CREATE/ALTER/DROP USER MAPPING are now allowed either by the server owner or
by a user with USAGE privileges for his own user name. This is more or less
what the SQL standard wants anyway (plus "implementation-defined")

Hide information_schema.user_mapping_options.option_value, unless the current
user is the one associated with the user mapping, or is the server owner and
the mapping is for PUBLIC, or is a superuser. This is to protect passwords.

Also, fix a bug in information_schema._pg_foreign_servers, which hid servers
using wrappers where the current user did not have privileges on the wrapper.
The correct behavior is to hide servers where the current user has no
privileges on the server.

Diffstat (limited to 'doc/src')
-rw-r--r-- | doc/src/sgml/information_schema.sgml | 9 |
-rw-r--r-- | doc/src/sgml/ref/alter_user_mapping.sgml | 11 |
-rw-r--r-- | doc/src/sgml/ref/create_user_mapping.sgml | 11 |
-rw-r--r-- | doc/src/sgml/ref/drop_user_mapping.sgml | 12 |
4 files changed, 32 insertions, 11 deletions
diff --git a/doc/src/sgml/information_schema.sgml b/doc/src/sgml/information_schema.sgml index f645c1252d6..96cbf1f12ad 100644 --- a/doc/src/sgml/information_schema.sgml +++ b/doc/src/sgml/information_schema.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/information_schema.sgml,v 1.36 2008/12/19 16:25:16 petere Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/information_schema.sgml,v 1.37 2009/01/20 09:10:20 petere Exp $ --> <chapter id="information-schema"> <title>The Information Schema</title> @@ -5081,7 +5081,12 @@ ORDER BY c.ordinal_position; <row> <entry><literal>option_value</literal></entry> <entry><type>character_data</type></entry> - <entry>Value of the option</entry> + <entry>Value of the option. This column will show as null + unless the current user is the user being mapped, or the mapping + is for <literal>PUBLIC</literal> and the current user is the + server owner, or the current user is a superuser. The intent is + to protect password information stored as user mapping + option.</entry> </row> </tbody> </tgroup> diff --git a/doc/src/sgml/ref/alter_user_mapping.sgml b/doc/src/sgml/ref/alter_user_mapping.sgml index 38bff39ece7..fef968a32e1 100644 --- a/doc/src/sgml/ref/alter_user_mapping.sgml +++ b/doc/src/sgml/ref/alter_user_mapping.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/ref/alter_user_mapping.sgml,v 1.1 2008/12/19 16:25:16 petere Exp $ +$PostgreSQL: pgsql/doc/src/sgml/ref/alter_user_mapping.sgml,v 1.2 2009/01/20 09:10:20 petere Exp $ PostgreSQL documentation --> 
@@ -31,10 +31,15 @@ ALTER USER MAPPING FOR { <replaceable class="parameter">username</replaceable> | <para> <command>ALTER USER MAPPING</command> changes the definition of a - user mapping. Only the owner of the server can change the user - mappings of that server. + user mapping. </para> + <para> + The owner of a foreign server can alter user mappings for that + server for any user. Also, a user can alter a user mapping for + his own user name if <literal>USAGE</> privilege on the server has + been granted to the user. + </para> </refsect1> <refsect1> diff --git a/doc/src/sgml/ref/create_user_mapping.sgml b/doc/src/sgml/ref/create_user_mapping.sgml index b0589817492..6857b3eb7e9 100644 --- a/doc/src/sgml/ref/create_user_mapping.sgml +++ b/doc/src/sgml/ref/create_user_mapping.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/ref/create_user_mapping.sgml,v 1.2 2009/01/17 04:24:41 neilc Exp $ +$PostgreSQL: pgsql/doc/src/sgml/ref/create_user_mapping.sgml,v 1.3 2009/01/20 09:10:20 petere Exp $ PostgreSQL documentation --> @@ -31,10 +31,15 @@ CREATE USER MAPPING FOR { <replaceable class="parameter">username</replaceable> <para> <command>CREATE USER MAPPING</command> defines a mapping of a user - to a foreign server. You must be the owner of the server to define - user mappings for it. + to a foreign server. </para> + <para> + The owner of a foreign server can create user mappings for that + server for any user. Also, a user can create a user mapping for + his own user name if <literal>USAGE</> privilege on the server has + been granted to the user. + </para> </refsect1> <refsect1> diff --git a/doc/src/sgml/ref/drop_user_mapping.sgml b/doc/src/sgml/ref/drop_user_mapping.sgml index c22dedb661a..82d5fa5dcb1 100644 --- a/doc/src/sgml/ref/drop_user_mapping.sgml +++ b/doc/src/sgml/ref/drop_user_mapping.sgml 
@@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/ref/drop_user_mapping.sgml,v 1.1 2008/12/19 16:25:16 petere Exp $ +$PostgreSQL: pgsql/doc/src/sgml/ref/drop_user_mapping.sgml,v 1.2 2009/01/20 09:10:20 petere Exp $ PostgreSQL documentation --> @@ -29,8 +29,14 @@ DROP USER MAPPING [ IF EXISTS ] FOR { <replaceable class="parameter">username</r <para> <command>DROP USER MAPPING</command> removes an existing user - mapping from foreign server. To execute this command, the current - user must be the owner of the server containing the mapping. + mapping from foreign server. + </para> + + <para> + The owner of a foreign server can drop user mappings for that server + for any user. Also, a user can drop a user mapping for his own + user name if <literal>USAGE</> privilege on the server has been + granted to the user. </para> </refsect1> |
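
Review bot: in the information_schema.sgml hunk, the new option_value entry does not tell a reader how to distinguish a value hidden by this rule from an option whose value is genuinely null. If the two cannot be told apart from this view, the entry should say so, since a tool that audits user mapping options through this view would otherwise read "null" as "no value set". The last sentence is also missing an article: "stored as user mapping option" should read "stored as a user mapping option".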
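
Review bot: in the alter_user_mapping.sgml hunk, the added paragraph says the server owner can alter mappings "for any user" but never mentions PUBLIC, while the option_value entry in information_schema.sgml treats a mapping for PUBLIC as its own case. State explicitly who may alter the PUBLIC mapping (the owner only, or also anyone with USAGE), because "his own user name" does not cover it and the reader is left to guess. The same gap is in the matching paragraphs of create_user_mapping.sgml and drop_user_mapping.sgml.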
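
Review bot: in the create_user_mapping.sgml hunk, the condition "if USAGE privilege on the server has been granted to the user" leaves open whether a privilege held indirectly counts, for example one granted to PUBLIC or to a role the user belongs to. Since this sentence is the only statement of who can attach credentials to a server for themselves, spell out which grants satisfy it. As a wording point, "his own user name" could be "their own user name", here and in the alter and drop pages.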
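
Review bot: in the drop_user_mapping.sgml hunk, the rewritten sentence "mapping from foreign server." still lacks an article; since the line is being touched anyway, make it "removes an existing user mapping from a foreign server." The permission paragraph that follows is a third copy of the text added to the create and alter pages, so any correction to the rule has to be made in all three places; consider keeping the wording identical across the three pages so they stay easy to compare.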