rjuju123@xxxxxxxxx wrote: Thanks, Julien. I tried a little test. I created a function "s.q()" with owner "x" and then granted "execute" on it to user "z". But I didn't yet revoke "execute" on "s.q()" from "public". This is whet the "Access privilege" column in the \df+ report for "s.q()" shows: =X/x x=X/x z=X/x I.e. three facts per row: grantee, privilege, and grantee. Then I did this: select proname::text as name, pronamespace::regnamespace::text as schema, aclexplode(proacl) as "aclexplode(proacl)" from pg_catalog.pg_proc) select "aclexplode(proacl)" from c where name = 'q' and schema = 's'; This is the result: aclexplode(proacl) ----------------------------- (1494148,0,EXECUTE,f) (1494148,1494148,EXECUTE,f) (1494148,1494150,EXECUTE,f) This is consistent with the doc that says the array is exploded to records with this signature: (grantor oid, grantee oid, privilege_type text, is_grantable boolean ) This is the perfect starting point for the table function that I was after that would list all user-defined functions and procedures that have "execute" granted to "public". A little bit of perfectly manageable effort will be needed for the special case that when "proacl" is "null", it means that "public" has "execute"—and also to translate the "oid" values" to text. I'll try this presently and report back. |
