Thread: How to grant read only functions execute permission to read only user
Hello guys,
Our read only user is okay to be granted read only permission of tables.
How to grant read only functions execute permission to read only user, is there a simple way to do it please? If not, how to get the list of read only functions please? Then can grant one by one based on the list, thanks
Best regards
Dennis Sun
On 7/17/23 16:11, Yi Sun wrote: > Hello guys, > > Our read only user is okay to be granted read only permission of tables. > > How to grant read only functions execute permission to read only user, > is there a simple way to do it please? If not, how to get the list of > read only functions please? Then can grant one by one based on the list, > thanks What is read-only function? I don't think Postgres has anything like that. Functions inherit the privileges of the user that executes them by default. So if the user is read-only (i.e. has just SELECT privilege), then the function can't do any writes either. regards -- Tomas Vondra EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Re: How to grant read only functions execute permission to read only user
From
"David G. Johnston"
Date:
On Mon, Jul 17, 2023, 08:44 Tomas Vondra <tomas.vondra@enterprisedb.com> wrote:
On 7/17/23 16:11, Yi Sun wrote:
> Hello guys,
>
> Our read only user is okay to be granted read only permission of tables.
>
> How to grant read only functions execute permission to read only user,
> is there a simple way to do it please? If not, how to get the list of
> read only functions please? Then can grant one by one based on the list,
> thanks
What is read-only function? I don't think Postgres has anything like
that. Functions inherit the privileges of the user that executes them by
default. So if the user is read-only (i.e. has just SELECT privilege),
then the function can't do any writes either.
By definition any function marked stable or immutable is read-only though the system doesn't enforce that user-specified label.
David J.