Thread: Clarification on REVOKE ALL ON FUNCTION – Are there any privileges apart from EXECUTE?
Clarification on REVOKE ALL ON FUNCTION – Are there any privileges apart from EXECUTE?
From
Ayush Vatsa
Date:
Hi Postgres Community,
I had a quick question regarding function-level privileges in PostgreSQL.
We know that
REVOKE EXECUTE ON FUNCTION ... removes the ability to call the function. But when we do:REVOKE ALL ON FUNCTION my_func(args) FROM some_role;
does this revoke anything other than EXECUTE? Are there any other privileges that apply to functions which get revoked via REVOKE ALL?
I looked through the documentation but couldn’t find a definitive answer on whether ALL includes more than just EXECUTE in the context of functions.
Would appreciate any insights or pointers.
---------------
Regards,
Ayush
Re: Clarification on REVOKE ALL ON FUNCTION – Are there any privileges apart from EXECUTE?
From
Adrian Klaver
Date:
On 5/18/25 12:17, Ayush Vatsa wrote: > Hi Postgres Community, > I had a quick question regarding function-level privileges in PostgreSQL. > We know that |REVOKE EXECUTE ON FUNCTION ...| removes the ability to > call the function. But when we do: > REVOKE ALL ON FUNCTION my_func(args) FROM some_role; > > does this revoke anything other than |EXECUTE|? Are there any other > privileges that apply to functions which get revoked via |REVOKE ALL|? > > I looked through the documentation but couldn’t find a definitive answer > on whether |ALL| includes more than just |EXECUTE| in the context of > functions. See here: https://www.postgresql.org/docs/current/ddl-priv.html Table 5.1. ACL Privilege Abbreviations This is the best way to see what privileges apply to what objects. > > Would appreciate any insights or pointers. > > --------------- > Regards, > Ayush > -- Adrian Klaver adrian.klaver@aklaver.com