I have a scenario where I am working with two functions: one in SQL and another in C, where the SQL function is a wrapper around C function. Here’s an example:
CREATEORREPLACEFUNCTION my_func(INinputtext)
RETURNSBIGINTAS $$
DECLARE result BIGINT;BEGINSELECT col2 INTO result FROM my_func_extended(input); RETURN result;
END;
$$ LANGUAGE plpgsql;
CREATEORREPLACEFUNCTION my_func_extended( INinputtext, OUT col1 text, OUT col2 BIGINT
)
RETURNS SETOF record
AS'MODULE_PATHNAME', 'my_func_extended'LANGUAGE C STRICT PARALLEL SAFE;
I need to prevent direct execution of my_func_extended from psql while still allowing it to be called from within the wrapper function my_func.
I’m considering the following options:
Using GRANT/REVOKE in SQL to manage permissions.
Adding a check in the C function to allow execution only if my_func is in the call stack (previous parent or something), and otherwise throwing an error.
Is there an existing approach to achieve this, or would you recommend a specific solution?