|
I was checking pg_roles.acl_default to see if my role-level ALTER DEFAULT PRIVILEGES had been effective. But I see the same content both before and after the ALTEr. You mention that this needs to be done in each database. Is there a database-level version of pg_roles.acl_default that I should be checking instead? Thanks, Mike Tefft From: Tom Lane <tgl@xxxxxxxxxxxxx>
"Tefft, Michael J" <Michael. J. Tefft@ snapon. com>
writes: > I am trying to remove the default grant of EXECUTE on all functions/procedures to PUBLIC. >> From my reading, there is no straightforward way to do this. For example,
"Tefft, Michael J" <Michael.J.Tefft@xxxxxxxxxx> writes:
> I am trying to remove the default grant of EXECUTE on all functions/procedures to PUBLIC.
>> From my reading, there is no straightforward way to do this. For example,
> ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
> Does not apply this across the entire cluster (or database) but only applies to the role who issued it (and objects yet to be created by that role) .
> So I am arriving at the conclusion that I need to alter the default privileges for every existing role (which I expected), and ensure that default privileges are altered for every new role that is created going forward.
> Have I analyzed this correctly?
You'll also need to repeat the ALTERs in each database of your
installation.
regards, tom lane
|
