Home > mailing lists

Re: Removing the default grant of EXECUTE on functions/procedures to PUBLIC - Mailing list pgsql-general

From	David G. Johnston
Subject	Re: Removing the default grant of EXECUTE on functions/procedures to PUBLIC
Date	July 5 17:49:34
Msg-id	CAKFQuwahMtaCfR+ifpm_jssA-+W4OEnXXXs_ce6+mYniqoCsQQ@mail.gmail.com Whole thread Raw
In response to	Removing the default grant of EXECUTE on functions/procedures to PUBLIC ("Tefft, Michael J" <Michael.J.Tefft@snapon.com>)
List	pgsql-general

Tree view

On Friday, July 5, 2024, Tefft, Michael J <Michael.J.Tefft@snapon.com> wrote:

I am trying to remove the default grant of EXECUTE on all functions/procedures to PUBLIC.
From my reading, there is no straightforward way to do this. For example,
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
Does not apply this across the entire cluster (or database) but only applies to the role who issued it (and objects yet to be created by that role) .
So I am arriving at the conclusion that I need to alter the default privileges for every existing role (which I expected), and ensure that default privileges are altered for every new role that is created going forward.

Have I analyzed this correctly?

Only those roles that have create privilege on one or more schemas. That should be a reasonably finite and static set.

David J.

pgsql-general by date:

From: "Tefft, Michael J"
Date: 05 July, 17:45:11
Subject: Removing the default grant of EXECUTE on functions/procedures to PUBLIC

From: Tom Lane
Date: 05 July, 17:51:01
Subject: Re: Removing the default grant of EXECUTE on functions/procedures to PUBLIC

Re: Removing the default grant of EXECUTE on functions/procedures to PUBLIC - Mailing list pgsql-general

Previous

Next