Thread: How to grant read only functions execute permission to read only user

Hello guys,

Our read only user is okay to be granted read only permission of tables.

How to grant read only functions execute permission to read only user, is there a simple way to do it please? If not, how to get the list of read only functions please? Then can grant one by one based on the list, thanks

Best regards
Dennis Sun

Re: How to grant read only functions execute permission to read only user

From
Tomas Vondra
Date:

On 7/17/23 16:11, Yi Sun wrote:
> Hello guys,
> 
> Our read only user is okay to be granted read only permission of tables.
> 
> How to grant read only functions execute permission to read only user,
> is there a simple way to do it please? If not, how to get the list of
> read only functions please? Then can grant one by one based on the list,
> thanks

What is read-only function? I don't think Postgres has anything like
that. Functions inherit the privileges of the user that executes them by
default. So if the user is read-only (i.e. has just SELECT privilege),
then the function can't do any writes either.


regards

-- 
Tomas Vondra
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



Re: How to grant read only functions execute permission to read only user

From
"David G. Johnston"
Date:
On Mon, Jul 17, 2023, 08:44 Tomas Vondra <tomas.vondra@enterprisedb.com> wrote:


On 7/17/23 16:11, Yi Sun wrote:
> Hello guys,
>
> Our read only user is okay to be granted read only permission of tables.
>
> How to grant read only functions execute permission to read only user,
> is there a simple way to do it please? If not, how to get the list of
> read only functions please? Then can grant one by one based on the list,
> thanks

What is read-only function? I don't think Postgres has anything like
that. Functions inherit the privileges of the user that executes them by
default. So if the user is read-only (i.e. has just SELECT privilege),
then the function can't do any writes either.



By definition any function marked stable or immutable is read-only though the system doesn't enforce that user-specified label.

David J.