Do you mean that when I create a function an implicit "grant execute on
function" is done? If so, we would have to do a revoke with each grant. Or,
do you mean there is a public grant to "execute any function" that I can
just remove when I create the database (and if so, how?)
-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Thursday, May 05, 2005 2:24 PM
To: Walker, Jed S
Cc: 'pgsql-novice@postgresql.org'
Subject: Re: [NOVICE] Execute function without execute privilege
"Walker, Jed S" <Jed_Walker@cable.comcast.com> writes:
> I discovered today that when I create a function in a schema that
> another user has "grant usage" on, they are able to execute the
> function even though I've not granted them "execute" on the function.
> Is this normal behavior (from the manual I don't believe it is)?
Yes, it is, because the default for functions is to grant PUBLIC EXECUTE
access. Revoke that if you don't want it.
regards, tom lane