Re: Restricting Direct Access to a C Function in PostgreSQL

Heikki Linnakangas <hlinnaka@iki.fi> writes:
> Sounds complicated. I would go with the GRANT approach. Make my_func() a 
> SECURITY DEFINER function, and revoke access to my_func_extended() for 
> all other roles.

+1

> Another option to consider is to not expose my_func_extended() at the 
> SQL level in the first place, and rewrite my_func() in C. Dunno how 
> complicated the logic in my_func() is, if that makes sense.

Another way to think about that is "push down into C the part of
my_func() that you feel is necessary to make my_func_extended()
safely callable".  Personally I'd probably change my_func_extended()
itself to do that, but if you feel a need to leave it alone, you
could write a C wrapper function.  Anyway my point is you might
not have to move *all* of my_func()'s functionality into C.  Think
about what it is exactly that makes you feel it's unsafe to call
my_func_extended() directly.

            regards, tom lane