Home > mailing lists

Re: Separating function privileges from tables - Mailing list pgsql-general

From	Tom Lane
Subject	Re: Separating function privileges from tables
Date	May 4, 2007 02:31:52
Msg-id	9323.1178245896@sss.pgh.pa.us Whole thread Raw
In response to	Separating function privileges from tables (Barry Brown <barry@cs.sierracollege.edu>)
List	pgsql-general

Tree view

Barry Brown <barry@cs.sierracollege.edu> writes:
> It's nice that privileges on views are separate from the privileges
> on its underlying tables. For example, if view V queries tables A and
> B, I only need to grant SELECT on the view to another user; tables A
> and B can have that privilege revoked and the view works.

> Are there plans to extend similar behavior to functions? That is, can
> I simply grant EXECUTE on the function and not have to worry about
> granting the appropriate privileges to the tables used by the function?

I think you are looking for SECURITY DEFINER function option.

            regards, tom lane

pgsql-general by date:

From: Tom Lane
Date: 04 May 2007, 02:30:25
Subject: Re: Dangers of fsync = off

From: "Mike Frysinger"
Date: 04 May 2007, 02:39:55
Subject: Re: cant get pg_dump/pg_restore to behave

Re: Separating function privileges from tables - Mailing list pgsql-general

Previous

Next