> If you want to confirm what the documentation says create a custom operator/function that alex is not permitted to execute and have them query a view defined by postgres that uses that function.
Thanks for the suggestion, it helped and I found out alex could not execute the view as it didn't have privileges for the function associated with operator
But a small doubt arises here I have to revoke the execution of the function using the command
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public from public;
but when I tried
REVOKE EXECUTE ON FUNCTION text_equals(text,text) FROM alex;
or
REVOKE ALL ON FUNCTION text_equals(text,text) FROM alex;
It didn't work i.e alex can still execute text_equals function. Why is it so?
Thanks
Ayush Vatsa
SDE AWS
On Sun, 7 Apr 2024 at 22:31, David G. Johnston <david.g.johnston@xxxxxxxxx> wrote:
On Sun, Apr 7, 2024 at 9:32 AM Ayush Vatsa <ayushvatsa1810@xxxxxxxxx> wrote:but who will execute the> underlying function inside the ( > ) operator ? Is it postgres or alex?I'm reasonably confident that all the built-in functions are security invoker. Not that a pure function like greater-than really cares.David J.
