Thread: Separating function privileges from tables

Separating function privileges from tables

Barry Brown
Hi all,

It's nice that privileges on views are separate from the privileges
on its underlying tables. For example, if view V queries tables A and
B, I only need to grant SELECT on the view to another user; tables A
and B can have that privilege revoked and the view works.

Are there plans to extend similar behavior to functions? That is, can
I simply grant EXECUTE on the function and not have to worry about
granting the appropriate privileges to the tables used by the function?



Re: Separating function privileges from tables

Tom Lane
Barry Brown <> writes:
> It's nice that privileges on views are separate from the privileges
> on its underlying tables. For example, if view V queries tables A and
> B, I only need to grant SELECT on the view to another user; tables A
> and B can have that privilege revoked and the view works.

> Are there plans to extend similar behavior to functions? That is, can
> I simply grant EXECUTE on the function and not have to worry about
> granting the appropriate privileges to the tables used by the function?

I think you are looking for SECURITY DEFINER function option.

            regards, tom lane