Robert Haas 09/25/11 10:58 AM >>>
> I'm not sure we've been 100% consistent about that, since we
> previously made CREATE OR REPLACE LANGUAGE not replace the owner
> with the current user.
I think we've been consistent in *not* changing security on an
object when it is replaced.
test=# create user someoneelse;
CREATE ROLE
test=# create user yetanother;
CREATE ROLE
test=# create function one() returns int language sql as 'select 1;';
CREATE FUNCTION
test=# alter function one() owner to someoneelse;
ALTER FUNCTION
test=# revoke execute on function one() from public;
REVOKE
test=# create or replace function one() returns int language plpgsql as
$$begin return 1; end;$$;
CREATE FUNCTION
test=# \df+ one() List of
functionsSchema | Name | Result data type | Argument data types | Type |
Volatility | Owner | Language | Source code | Description
--------+------+------------------+---------------------+--------+------------+-------------+----------+----------------------+-------------public
|one | integer | | normal |
volatile | someoneelse | plpgsql | begin return 1; end; |
(1 row)
test=# set role yetanother;
SET
test=> select one();
ERROR: permission denied for function one
-Kevin