Quick question on function privileges: what exactly does GRANT/REVOKE
ON FUNCTION fun_name() actually do?
I've tried a few scenarios out, and cannot figure out when this is
used. Let us say I have a function F(int4) that does some selection
on a table T.
If user A comes along and has no SELECT privileges on T, but has
EXECUTE privileges on F, A is not permitted to run the function, with
an error stating access to T is needed.
Now, if user B comes along and has SELECT privileges on T, but not
EXECUTE privileges on F, B is permitted to run the function.
I'm sure I'm missing some scenario where privileges on F make a
difference, but I can't find any info in the docs on this. Can
anyone help me out understanding this?
Thanks!
Murat
