| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Tefft, Michael J" <Michael(dot)J(dot)Tefft(at)snapon(dot)com> |
| Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Removing the default grant of EXECUTE on functions/procedures to PUBLIC |
| Date: | 2024-07-05 18:22:08 |
| Message-ID: | 326041.1720203728@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Tefft, Michael J" <Michael(dot)J(dot)Tefft(at)snapon(dot)com> writes:
> I was checking pg_roles.acl_default to see if my role-level ALTER DEFAULT PRIVILEGES had been effective. But I see the same content both before and after the ALTEr.
Er, what? There's no column named acl_default in pg_roles, nor any
other standard PG view.
psql's "\ddp" command is the most usual way to examine current
defaults:
regression=# create user joe;
CREATE ROLE
regression=# ALTER DEFAULT PRIVILEGES FOR USER joe REVOKE EXECUTE ON FUNCTIONS FROM public;
ALTER DEFAULT PRIVILEGES
regression=# \ddp
Default access privileges
Owner | Schema | Type | Access privileges
-------+--------+----------+-------------------
joe | | function | joe=X/joe
(1 row)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tefft, Michael J | 2024-07-05 18:42:54 | RE: Removing the default grant of EXECUTE on functions/procedures to PUBLIC |
| Previous Message | Dennis White | 2024-07-05 18:12:27 | Can a long running procedure detect when smart shutdown is pending? |