Search Postgresql Archives

Re: security permissions for functions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"Ted Byers" <r.ted.byers@xxxxxxxxxx> writes:
> ... Can 
> I make a function as a part of a schema that is executable only by the owner 
> and other functions in the schema, and no-one else, and still have a 
> publically callable function in that schema invoke the "private" function? 

Certainly --- the point here is merely that that isn't the *default*
behavior.  We judged quite some time ago that allowing public execute
access was the most useful default.  Perhaps that was a bad choice, but
I think we're unlikely to change it now ...

> I mean the obvious statement, for the fine 
> tuning he appears to me to want to do, would be to follow the REVOKE 
> statement you show with a GRANT statement for a specific user.

Check.  Once you revoke the default public execute access, the function
is useless (well, except to superusers) until you grant somebody the
right to call it.

			regards, tom lane


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux