In response to Rikard Pavelic <rikard.pavelic@zg.htnet.hr>:
> Tom Lane wrote:
> > No, it's operating as designed. Per the GRANT reference page:
> > : Depending on the type of object, the initial default privileges may
> > : include granting some privileges to PUBLIC. The default is no public
> > : access for tables, schemas, and tablespaces; CONNECT privilege and TEMP
> > : table creation privilege for databases; EXECUTE privilege for functions;
> > : and USAGE privilege for languages. The object owner may of course revoke
> > : these privileges. (For maximum security, issue the REVOKE in the same
> > : transaction that creates the object; then there is no window in which
> > : another user may use the object.)
> >
> > You'll need to revoke the default public EXECUTE privilege on any
> > functions you don't want to be callable.
>
> Hmm, so the answer to my question
> "How can I assign execute permission to a role for a single function
> inside schema."
> is I can't?
How did you interpret "do it like this" to mean "you can't do it"?
REVOKE ALL ON <function name> FROM PUBLIC;
> So this basically means that I can't fine tune the permissions through
> functions, but I
> can through views and tables?
> This looks like a bug in design to me ;(
Relax. You (somehow) misunderstood Tom.
--
Bill Moran
http://www.potentialtech.com