On Sun, Apr 7, 2024 at 11:02 AM Ayush Vatsa <ayushvatsa1810@xxxxxxxxx> wrote:
> If you want to confirm what the documentation says create a custom operator/function that alex is not permitted to execute and have them query a view defined by postgres that uses that function.Thanks for the suggestion, it helped and I found out alex could not execute the view as it didn't have privileges for the function associated with operatorBut a small doubt arises here I have to revoke the execution of the function using the commandREVOKE ALL ON ALL FUNCTIONS IN SCHEMA public from public;but when I triedREVOKE EXECUTE ON FUNCTION text_equals(text,text) FROM alex;orREVOKE ALL ON FUNCTION text_equals(text,text) FROM alex;It didn't work i.e alex can still execute text_equals function. Why is it so?
Especially the part regarding default privileges. The PUBLIC pseudo-role is granted execute on functions by default. You are probably trying to revoke a privilege from alex that was never granted to alex directly.
David J.