On Fri, Feb 11, 2022 at 1:46 PM Bryn Llewellyn <bryn@xxxxxxxxxxxx> wrote:
grant usage on schema s to z;
revoke execute on function s.f() from z; -- Yes, really!*This surprises me*The PG doc on, in the "5.7. Privileges" section at https://www.postgresql.org/docs/current/ddl-priv.html (under "USAGE" following "The available privileges are"), says this:«For schemas, allows access to objects contained in the schema (assuming that the objects' own privilege requirements are also met). Essentially this allows the grantee to “look up” objects within the schema...»
Is the design of my test-case faulty? Have I found a bug? Or is the doc wrong?
WADaD
"No privileges are granted to PUBLIC by default on tables, table columns, sequences, foreign data wrappers, foreign servers, large objects, schemas, or tablespaces. For other types of objects, the default privileges granted to PUBLIC are as follows: CONNECT and TEMPORARY (create temporary tables) privileges for databases; ***EXECUTE privilege for functions and procedures***; and USAGE privilege for languages and data types (including domains)."
David J.
