|
I am trying to remove the default grant of EXECUTE on all functions/procedures to PUBLIC.
From my reading, there is no straightforward way to do this. For example, ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC; Does not apply this across the entire cluster (or database) but only applies to the role who issued it (and objects yet to be created by that role) . So I am arriving at the conclusion that I need to alter the default privileges for every existing role (which I expected), and ensure that default privileges are altered for every new role that is created going forward. Have I analyzed this correctly? Thanks, Mike Tefft |
