Another question, if we put functions into a schema and then use "grant
usage" on the schema is that considered an OK practice in postgresql to
limit users to a group of functions (I assume they would still have to have
usage on the schema to get to them).
From: Walker, Jed S
Sent: Friday, May 06, 2005 8:46 AM
To: 'Tom Lane'
Subject: RE: [NOVICE] Execute function without execute privilege
Do you mean that when I create a function an implicit "grant execute on
function" is done? If so, we would have to do a revoke with each grant. Or,
do you mean there is a public grant to "execute any function" that I can
just remove when I create the database (and if so, how?)
From: Tom Lane
Sent: Thursday, May 05, 2005 2:24 PM
To: Walker, Jed S
Subject: Re: [NOVICE] Execute function without execute privilege
"Walker, Jed S" <Jed_Walker@cable.comcast.com> writes:
I discovered today that when I create a function in a schema that
another user has "grant usage" on, they are able to execute the
function even though I've not granted them "execute" on the function.
Is this normal behavior (from the manual I don't believe it is)?
Yes, it is, because the default for functions is to grant PUBLIC EXECUTE
access. Revoke that if you don't want it.
regards, tom lane