Thread: Execute function without execute privilege

Execute function without execute privilege

From: "Walker, Jed S"

I discovered today that when I create a function in a schema that another user has "grant usage" on, they are able to execute the function even though I've not granted them "execute" on the function.

Is this normal behavior (from the manual I don't believe it is)?

If so, is the best solution to put all of our functions into separate schemas and grant usage on those based on what groups of functions someone needs?

Thanks!

      Jed S. Walker

Re: Execute function without execute privilege

From: Tom Lane

"Walker, Jed S" <Jed_Walker@cable.comcast.com> writes:
> I discovered today that when I create a function in a schema that another
> user has "grant usage" on, they are able to execute the function even though
> I've not granted them "execute" on the function.

> Is this normal behavior (from the manual I don't believe it is)?

Yes, it is, because the default for functions is to grant PUBLIC EXECUTE
access.  Revoke that if you don't want it.

            regards, tom lane

Re: Execute function without execute privilege

From: "Walker, Jed S"

Do you mean that when I create a function an implicit "grant execute on
function" is done? If so, we would have to do a revoke with each grant. Or,
do you mean there is a public grant to "execute any function" that I can
just remove when I create the database (and if so, how?)


-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Thursday, May 05, 2005 2:24 PM
To: Walker, Jed S
Cc: 'pgsql-novice@postgresql.org'
Subject: Re: [NOVICE] Execute function without execute privilege

"Walker, Jed S" <Jed_Walker@cable.comcast.com> writes:
> I discovered today that when I create a function in a schema that
> another user has "grant usage" on, they are able to execute the
> function even though I've not granted them "execute" on the function.

> Is this normal behavior (from the manual I don't believe it is)?

Yes, it is, because the default for functions is to grant PUBLIC EXECUTE
access.  Revoke that if you don't want it.

            regards, tom lane

Re: Execute function without execute privilege

From: "Walker, Jed S"

Another question, if we put functions into a schema and then use "grant
usage" on the schema is that considered an OK practice in postgresql to
limit users to a group of functions (I assume they would still have to have
usage on the schema to get to them).

-----Original Message-----
From: Walker, Jed S
Sent: Friday, May 06, 2005 8:46 AM
To: 'Tom Lane'
Cc: 'pgsql-novice@postgresql.org'
Subject: RE: [NOVICE] Execute function without execute privilege

Do you mean that when I create a function an implicit "grant execute on
function" is done? If so, we would have to do a revoke with each grant. Or,
do you mean there is a public grant to "execute any function" that I can
just remove when I create the database (and if so, how?)



Re: Execute function without execute privilege

From: Bruno Wolff III

On Fri, May 06, 2005 at 08:45:41 -0600,
  "Walker, Jed S" <Jed_Walker@cable.comcast.com> wrote:
> Do you mean that when I create a function an implicit "grant execute on
> function" is done? If so, we would have to do a revoke with each grant. Or,
> do you mean there is a public grant to "execute any function" that I can
> just remove when I create the database (and if so, how?)

When a function is created it is created with "public" having execute access
to it. You will need to do a revoke after each function creation.

Re: Execute function without execute privilege

From: Tom Lane

"Walker, Jed S" <Jed_Walker@cable.comcast.com> writes:
> Do you mean that when I create a function an implicit "grant execute on
> function" is done?

Effectively, yes.  See the GRANT manual page for details.

            regards, tom lane
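
The revoke-after-create pattern described in the replies above, as an added example that is not part of the original thread. The schema, function and role names (app, get_balance, app_readers) are hypothetical, and the ALTER DEFAULT PRIVILEGES and REVOKE ... ON ALL FUNCTIONS forms require PostgreSQL 9.0 or later, which postdates these messages.

```sql
-- Added example; app, app.get_balance and app_readers are hypothetical names.
CREATE SCHEMA app;
CREATE ROLE app_readers NOLOGIN;

CREATE FUNCTION app.get_balance(acct integer) RETURNS numeric
    LANGUAGE sql STABLE
    AS $$ SELECT 0::numeric $$;          -- placeholder body

-- A new function is created with EXECUTE granted to PUBLIC, so any role
-- with USAGE on the schema can call it. Remove that grant, then grant
-- EXECUTE only to the roles that need it.
REVOKE EXECUTE ON FUNCTION app.get_balance(integer) FROM PUBLIC;
GRANT USAGE   ON SCHEMA   app                       TO app_readers;
GRANT EXECUTE ON FUNCTION app.get_balance(integer)  TO app_readers;

-- PostgreSQL 9.0+: clean up functions that already exist in the schema.
REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA app FROM PUBLIC;

-- PostgreSQL 9.0+: stop the implicit PUBLIC grant for functions the
-- current role creates from now on. This must be the global form:
-- adding IN SCHEMA cannot revoke a privilege that is granted globally.
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- Audit: user-defined functions that PUBLIC can still execute.
SELECT n.nspname AS schema_name,
       p.proname AS function_name,
       pg_get_function_identity_arguments(p.oid) AS arguments
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  n.nspname NOT IN ('pg_catalog', 'information_schema')
AND    has_function_privilege('public', p.oid, 'EXECUTE')
ORDER  BY 1, 2;
```

After the revokes, the audit query should return no rows for schema app; any row it does return is a function still callable by every role that has USAGE on its schema.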