"Craig" <postgresql@xxxxxxxxxxxx> writes: > I am trying to prevent anyone that inhertis from role1 to not be able to = > select from any database table, unless they execute a function that I = > have provided. How do I setup the security for this?=20 You need to mark the function as SECURITY DEFINER, which means that it runs with its creator's permissions. By default a function runs with the caller's permissions. (Yeah, SECURITY DEFINER is a pretty obscure name for this. It's what the SQL spec requires though :-() regards, tom lane
