Re: Separating function privileges from tables

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Barry Brown <barry(at)cs(dot)sierracollege(dot)edu>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Separating function privileges from tables
Date: 2007-05-04 02:31:36
Message-ID: 9323.1178245896@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Barry Brown <barry(at)cs(dot)sierracollege(dot)edu> writes:
> It's nice that privileges on views are separate from the privileges
> on its underlying tables. For example, if view V queries tables A and
> B, I only need to grant SELECT on the view to another user; tables A
> and B can have that privilege revoked and the view works.

> Are there plans to extend similar behavior to functions? That is, can
> I simply grant EXECUTE on the function and not have to worry about
> granting the appropriate privileges to the tables used by the function?

I think you are looking for SECURITY DEFINER function option.

regards, tom lane

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Mike Frysinger 2007-05-04 02:39:47 Re: cant get pg_dump/pg_restore to behave
Previous Message Tom Lane 2007-05-04 02:30:12 Re: Dangers of fsync = off