I’ve executed the following in a clean database:
As postgres/superuser:
CREATE ROLE impotent NOLOGIN;
CREATE FUNCTION testfunc() RETURNS boolean AS $$
BEGIN
RETURN true;
END;
$$ LANGUAGE 'plpgsql';
REVOKE ALL ON FUNCTION testfunc() FROM impotent;
SET ROLE impotent;
SELECT has_function_privilege('impotent','testfunc()','execute');
SELECT testfunc();
The has_function_privilege returns true instead of false and the SELECT testfunc() returns without an exception.
I expected failure due to the REVOKE ALL … FROM impotent so what am I missing?
Thanks,
David J