On Thursday, February 1, 2018, Andrew Bartley <
ambartley@gmail.com> wrote:
Hi all,
I am trying to work out a way to create a roll/user that can only execute one particular function and nothing else. The particular function has been created with "SECURITY DEFINER".
Never tried it but "REVOKE PUBLIC FROM role" then "GRANT ... TO role" would ideally work.
Not simple since every role is a member of PUBLIC from which they all inherit useful defaults. You can remove those defaults and the already granted privileges from PUBLIC and then add them back to some super-role group that everyone but this user belongs too. Then only add the one grant you desire to this user.
David J.