Thread: permissions PB

permissions PB

From
"Jean-Yves F. Barbier"
Date:
Hi list,

The DB owner created a function as:
CREATE FUNCTION mysch.testaddint(int, int)
RETURNS int AS $$ SELECT $1+$2 $$LANGUAGE sql;

When usr1 is granted usage on domain mysch he can execute this function.
(which is strange as owner didn't grant execute on this fnct,
 I guess this is default behavior and thus ok.)

Until here, almost no PB, but after owner's:
REVOKE ALL ON FUNCTION mysch.testaddint(int, int) FROM usr1;

usr1 still can execute the function!? (#@<!>&)

Did I missed something somewhere?

JY
--
Brain damage is all in your head.
        -- Karl Lehenbauer

Re: permissions PB [SOLVED]

From
"Jean-Yves F. Barbier"
Date:
On Tue, 14 Jun 2011 02:39:29 +0200, "Jean-Yves F. Barbier" <12ukwn@gmail.com>
wrote:

I didn't remember that 'public' needed to be revoked before permission could
be effective - sorry for the noise.

> The DB owner created a function as:
> CREATE FUNCTION mysch.testaddint(int, int)
> RETURNS int AS $$ SELECT $1+$2 $$LANGUAGE sql;
>
> When usr1 is granted usage on domain mysch he can execute this function.
> (which is strange as owner didn't grant execute on this fnct,
>  I guess this is default behavior and thus ok.)
>
> Until here, almost no PB, but after owner's:
> REVOKE ALL ON FUNCTION mysch.testaddint(int, int) FROM usr1;
>
> usr1 still can execute the function!? (#@<!>&)
>
> Did I missed something somewhere?
>
> JY


--
A male gynecologist is like an auto mechanic who has never owned a car.
        -- Carrie Snow