Another question, if we put functions into a schema and then use "grant
usage" on the schema is that considered an OK practice in postgresql to
limit users to a group of functions (I assume they would still have to have
usage on the schema to get to them).
-----Original Message-----
From: Walker, Jed S
Sent: Friday, May 06, 2005 8:46 AM
To: 'Tom Lane'
Cc: 'pgsql-novice@postgresql.org'
Subject: RE: [NOVICE] Execute function without execute privilege
Do you mean that when I create a function an implicit "grant execute on
function" is done? If so, we would have to do a revoke with each grant. Or,
do you mean there is a public grant to "execute any function" that I can
just remove when I create the database (and if so, how?)
-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Thursday, May 05, 2005 2:24 PM
To: Walker, Jed S
Cc: 'pgsql-novice@postgresql.org'
Subject: Re: [NOVICE] Execute function without execute privilege
"Walker, Jed S" <Jed_Walker@cable.comcast.com> writes:
> I discovered today that when I create a function in a schema that
> another user has "grant usage" on, they are able to execute the
> function even though I've not granted them "execute" on the function.
> Is this normal behavior (from the manual I don't believe it is)?
Yes, it is, because the default for functions is to grant PUBLIC EXECUTE
access. Revoke that if you don't want it.
regards, tom lane