Search Postgresql Archives

Re: Utility of GRANT EXECUTE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 14, 2006 at 09:24:52AM +0100, Paul Mackay wrote:
> It seems that any user has the right to execute a function, whether or not
> it has been granted the EXECUTE privilege on it. Even a REVOKE EXECUTE has
> no impact. A privilige error will be raised only if the function tries to
> access an object (ex.: a table) for witch the user doesn't have the
> appropriate privilege(s).

Revoking EXECUTE from an individual user has no effect if public
still has privileges, which is does by default.

> Is there any utility to the GRANT EXECUTE then ?

If you revoke public's privileges then GRANT EXECUTE has an effect.

test=> create function foo() returns integer as 'select 1' language sql;
CREATE FUNCTION
test=> revoke all on function foo() from public;
REVOKE
test=> grant execute on function foo() to user1;
GRANT
test=> \c - user1
You are now connected as new user "user1".
test=> select foo();
 foo 
-----
   1
(1 row)

test=> \c - user2
You are now connected as new user "user2".
test=> select foo();
ERROR:  permission denied for function foo

-- 
Michael Fuhr


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux