Thread: Understanding ALTER DEFAULT PRIVILEGES Behavior in PostgreSQL
Hello PostgreSQL Community,
I was experimenting with default privileges in PostgreSQL and came across a behavior I didn’t
fully understand. I would appreciate any insights on this.
I wanted to ensure that, by default, no roles had EXECUTE privileges on functions created in my
schema. To achieve this, I ran the following:
postgres=# CREATE SCHEMA my_schema;
CREATE SCHEMA
postgres=# CREATE ROLE alex LOGIN;
CREATE ROLE
postgres=# ALTER DEFAULT PRIVILEGES IN SCHEMA my_schema REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
ALTER DEFAULT PRIVILEGES
postgres=# CREATE OR REPLACE FUNCTION my_schema.hello_world()
RETURNS TEXT AS $$
BEGIN
RETURN 'Hello, World!';
END;
$$ LANGUAGE plpgsql;
CREATE FUNCTION
postgres=# GRANT USAGE ON SCHEMA my_schema TO alex;
GRANT
postgres=# SET ROLE alex;
SET
postgres=> SELECT my_schema.hello_world();
hello_world
---------------
Hello, World!
(1 row)
To my surprise, alex was still able to execute the function hello_world, even though I had
altered the default privileges before creating it. I was expecting the function to be inaccessible
unless explicitly granted permissions.
Could someone help me understand why this happens? Also, what would be the best way to
ensure that, by default, no roles (except the function owner) have any privileges on new
functions created in my protected schema?
I know about REVOKE ALL ON ALL FUNCTIONS IN SCHEMA my_schema FROM public but
this won't work for the functions created after this revoke statement.
Thanks
Ayush Vatsa
postgres=# ALTER DEFAULT PRIVILEGES IN SCHEMA my_schema REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
ALTER DEFAULT PRIVILEGES
ALTER DEFAULT PRIVILEGES command that did not specify a schema). Per-schema REVOKE is only useful to reverse the effects of a previous per-schema GRANT.Also, what would be the best way to ensure that, by default, no roles (except the function owner) have any privileges on new functions created in my protected schema?