| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Rikard Pavelic <rikard(dot)pavelic(at)zg(dot)htnet(dot)hr> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: security permissions for functions |
| Date: | 2007-03-08 17:26:07 |
| Message-ID: | 9756.1173374767@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Rikard Pavelic <rikard(dot)pavelic(at)zg(dot)htnet(dot)hr> writes:
> Is this a bug or something?
No, it's operating as designed. Per the GRANT reference page:
: Depending on the type of object, the initial default privileges may
: include granting some privileges to PUBLIC. The default is no public
: access for tables, schemas, and tablespaces; CONNECT privilege and TEMP
: table creation privilege for databases; EXECUTE privilege for functions;
: and USAGE privilege for languages. The object owner may of course revoke
: these privileges. (For maximum security, issue the REVOKE in the same
: transaction that creates the object; then there is no window in which
: another user may use the object.)
You'll need to revoke the default public EXECUTE privilege on any
functions you don't want to be callable.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | araza | 2007-03-08 17:38:16 | Re: How to force planner to use GiST index? |
| Previous Message | Alvaro Herrera | 2007-03-08 17:16:00 | Re: Tabulate data incrementally |