| From: | Rikard Pavelic <rikard(dot)pavelic(at)zg(dot)htnet(dot)hr> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: security permissions for functions |
| Date: | 2007-03-08 19:08:26 |
| Message-ID: | 45F05F2A.50406@zg.htnet.hr |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Tom Lane wrote:
> No, it's operating as designed. Per the GRANT reference page:
> : Depending on the type of object, the initial default privileges may
> : include granting some privileges to PUBLIC. The default is no public
> : access for tables, schemas, and tablespaces; CONNECT privilege and TEMP
> : table creation privilege for databases; EXECUTE privilege for functions;
> : and USAGE privilege for languages. The object owner may of course revoke
> : these privileges. (For maximum security, issue the REVOKE in the same
> : transaction that creates the object; then there is no window in which
> : another user may use the object.)
>
> You'll need to revoke the default public EXECUTE privilege on any
> functions you don't want to be callable.
>
> regards, tom lane
>
Hmm, so the answer to my question
"How can I assign execute permission to a role for a single function
inside schema."
is I can't?
So this basically means that I can't fine tune the permissions through
functions, but I
can through views and tables?
This looks like a bug in design to me ;(
Regards,
Rikard
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Devrim GÜNDÜZ | 2007-03-08 19:25:27 | Re: Postgres Mailing List management solution |
| Previous Message | Omar Eljumaily | 2007-03-08 19:06:28 | Re: OT: Canadian Tax Database |