Home > mailing lists

Re: Rolls - Mailing list pgsql-general

From	David G. Johnston
Subject	Re: Rolls
Date	February 2, 2018 03:43:50
Msg-id	CAKFQuwaW4YepmoGe4p_H9S4WZZoNVVNkACecfEAfAt0msnBmVw@mail.gmail.com Whole thread Raw
In response to	Rolls (Andrew Bartley <ambartley@gmail.com>)
List	pgsql-general

Tree view

On Thursday, February 1, 2018, Andrew Bartley <ambartley@gmail.com> wrote:

Hi all,

I am trying to work out a way to create a roll/user that can only execute one particular function and nothing else. The particular function has been created with "SECURITY DEFINER".

Never tried it but "REVOKE PUBLIC FROM role" then "GRANT ... TO role" would ideally work.

Not simple since every role is a member of PUBLIC from which they all inherit useful defaults. You can remove those defaults and the already granted privileges from PUBLIC and then add them back to some super-role group that everyone but this user belongs too. Then only add the one grant you desire to this user.

David J.

pgsql-general by date:

From: Andrew Bartley
Date: 02 February 2018, 03:42:45
Subject: Re: Rolls

From: raf@raf.org
Date: 02 February 2018, 04:25:04
Subject: Re: Recreating functions after starting the database server.

Re: Rolls - Mailing list pgsql-general

Previous

Next