In my current implementation for function privileges, I have the function
permission check somewhere down in the executor. (To be precise, the
permission is determined when the fcache is initialized, and it's checked
in ExecMakeFunctionResult.) Now I remembered the way SQL99 specifies
function resolution, which has the permission check before the function
resolution begins. See also
http://archives.postgresql.org/pgsql-hackers/2002-01/msg01120.php
for the full details.
This makes some sense, because normally you'd want the parser to choose
only between the functions you have access to.
I do have two concerns, however:
1. It would lead to confusing error messages, i.e., always "not found"
instead of "permission denied".
2. It would make a great deal of more sense if the table name resolution
that will be necessary in the new schema implementation were done the same
way. But I have a feeling that this could get messy when rewrite rules
are involved. (More generally, the whole schema resolution could get
messy when rewrite rules are involved.)
Any comments?
--
Peter Eisentraut peter_e@gmx.net