Search Postgresql Archives

Re: security permissions for functions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tom Lane wrote:
No, it's operating as designed. Per the GRANT reference page:
: Depending on the type of object, the initial default privileges may
: include granting some privileges to PUBLIC. The default is no public
: access for tables, schemas, and tablespaces; CONNECT privilege and TEMP
: table creation privilege for databases; EXECUTE privilege for functions;
: and USAGE privilege for languages. The object owner may of course revoke
: these privileges. (For maximum security, issue the REVOKE in the same
: transaction that creates the object; then there is no window in which
: another user may use the object.)

You'll need to revoke the default public EXECUTE privilege on any
functions you don't want to be callable.

			regards, tom lane

Hmm, so the answer to my question
"How can I assign execute permission to a role for a single function inside schema."
is I can't?

So this basically means that I can't fine tune the permissions through functions, but I
can through views and tables?
This looks like a bug in design to me ;(

Regards,
Rikard


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux