Re: security permissions for functions - Mailing list pgsql-general

From Tom Lane
Subject Re: security permissions for functions
Date
Msg-id 21847.1173420443@sss.pgh.pa.us
Whole thread Raw
In response to Re: security permissions for functions  ("Ted Byers" <r.ted.byers@rogers.com>)
Responses Re: security permissions for functions
List pgsql-general
"Ted Byers" <r.ted.byers@rogers.com> writes:
> ... Can
> I make a function as a part of a schema that is executable only by the owner
> and other functions in the schema, and no-one else, and still have a
> publically callable function in that schema invoke the "private" function?

Certainly --- the point here is merely that that isn't the *default*
behavior.  We judged quite some time ago that allowing public execute
access was the most useful default.  Perhaps that was a bad choice, but
I think we're unlikely to change it now ...

> I mean the obvious statement, for the fine
> tuning he appears to me to want to do, would be to follow the REVOKE
> statement you show with a GRANT statement for a specific user.

Check.  Once you revoke the default public execute access, the function
is useless (well, except to superusers) until you grant somebody the
right to call it.

            regards, tom lane

pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: OT: Canadian Tax Database
Next
From: Tom Lane
Date:
Subject: Re: Can psql show me where my script is broken?