mz wrote
> The following bug has been logged on the website:
>
> Bug reference: 8685
> Logged by: Manuel Zahariev
> Email address:
> mz@.sfu
> PostgreSQL version: 9.1.11
> Operating system: Ubuntu 13.10
> Description:
>
> ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM
> <role>
> ...does not remove default execute privileges on functions
>
> db=# ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM u;
"u" inherits its ability to execute functions from PUBLIC. With grants you
do not tell the system what not to do (i.e., it does not block already
granted permissions) but only what to allow. In order to revoke execute on
functions globally you must remove the corresponding GRANT from PUBLIC.
Revoking only removes a previously applied GRANT. In the case of default
privileges it only revokes previously established default grants.
From the documentation:
http://www.postgresql.org/docs/9.3/interactive/sql-alterdefaultprivileges.html
ALTER DEFAULT PRIVILEGES [FOR ROLE xxx] REVOKE EXECUTE ON FUNCTIONS FROM
PUBLIC;
David J.
--
View this message in context:
http://postgresql.1045698.n5.nabble.com/BUG-8685-alter-default-privileges-cannot-revoke-default-execute-privilege-on-functions-tp5783941p5783947.html
Sent from the PostgreSQL - bugs mailing list archive at Nabble.com.
