On Wed, Mar 23, 2005 at 12:09:33PM +0530, Rajarshi Mukherjee wrote:
> i am ony giving usage grant on a function in my schema to another user.
I think you mean you're granting usage on the schema -- "USAGE"
isn't a valid privilege type for functions.
> Then how come he's been able to execute the function in the following way?
>
> select ins.validate('nyname','mypassword');
The default privilege for functions grants EXECUTE to PUBLIC, so if
you've granted USAGE on the schema then users can execute functions
in that schema.
> But if i don't give usage grant and straight way give execute grant on
> the function, the user gets an error:- permission denied for schema
> ins.
Users who don't have USAGE on the function's schema won't be able
to execute the function, regardless of the function's privileges.
Think of the schema as a container: if you don't have privilege on
the container, then you can't access anything inside the container.
> i want to give the user execute grant on a particular funtion in my
> schema and not all functions.
Grant USAGE on the schema, and revoke EXECUTE on the functions you
don't want people to execute.
--
Michael Fuhr
http://www.fuhr.org/~mfuhr/
