Re: Alter Default Privileges Does Not Work For Functions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "David Johnston" <polobo(at)yahoo(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Alter Default Privileges Does Not Work For Functions
Date: 2011-02-15 00:04:33
Message-ID: 23604.1297728273@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

"David Johnston" <polobo(at)yahoo(dot)com> writes:
> After creating and logging into a new database run this script. The
> initial ALTER DEFAULT PRIVILEGES should make all users unable to execute
> functions unless given explicit permissions elsewhere.

You haven't read the fine manual very closely. It saith

Default privileges that are specified per-schema are added to
whatever the global default privileges are for the particular
object type.

and

As explained under GRANT, the default privileges for any object
type normally grant all grantable permissions to the object
owner, and may grant some privileges to PUBLIC as well. However,
this behavior can be changed by altering the global default
privileges with ALTER DEFAULT PRIVILEGES.

If you want to revoke the default execute privileges for functions, you
have to do it globally, ie, not per-schema. There's no way to reduce
the default privileges at the per-schema level.

regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Derrick Rice 2011-02-15 00:13:51 Speeding up index scans by truncating timestamp?
Previous Message deepak 2011-02-14 22:28:36 Building extensions on Windows using VS2008