Postgres Pro
Downloads
Home   >   mailing lists

Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute" - Mailing list pgsql-general

From David G. Johnston
Subject Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute"
Date
Msg-id CAKFQuwaQo9_KjEniKBhq=kGJWFS4TSRyJ9NS7WAO4nzmsJxMmg@mail.gmail.com
Whole thread Raw
In response to Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute"  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute"  (Bryn Llewellyn <bryn@yugabyte.com>)
List pgsql-general
Tree view
On Fri, Feb 11, 2022 at 3:05 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
(I wonder if it'd be practical or useful to emit a warning when
granting permissions on an object that already has a grant of
the same permissions to PUBLIC.  That would at least cue people
who don't understand about this behavior that they ought to look
more closely.)

We did something similar a while ago where we now warn if you try to revoke a privilege on a role that is actually inherited from PUBLIC and so the revoke on the role doesn't actually do anything.  The inverse seems reasonable, and consistent that, at first blush.

David J.

pgsql-general by date:

Previous
From: "David G. Johnston"
Date:
Subject: Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute"
Next
From: Bryn Llewellyn
Date:
Subject: Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute"