From: | Ayush Vatsa <ayushvatsa1810(at)gmail(dot)com> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: Clarification on View Privileges and Operator Execution in PostgreSQL |
Date: | 2024-04-07 18:02:36 |
Message-ID: | CACX+KaOH=wX-CBYw2tSowKNwKW2nMMLD1fVmeKGh_GyVjFJdpg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
> If you want to confirm what the documentation says create a custom
operator/function that alex is not permitted to execute and have them query
a view defined by postgres that uses that function.
Thanks for the suggestion, it helped and I found out alex could not execute
the view as it didn't have privileges for the function associated with
operator
But a small doubt arises here I have to revoke the execution of the
function using the command
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public from public;
but when I tried
REVOKE EXECUTE ON FUNCTION text_equals(text,text) FROM alex;
or
REVOKE ALL ON FUNCTION text_equals(text,text) FROM alex;
It didn't work i.e alex can still execute text_equals function. Why is it
so?
Thanks
Ayush Vatsa
SDE AWS
On Sun, 7 Apr 2024 at 22:31, David G. Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>
wrote:
> On Sun, Apr 7, 2024 at 9:32 AM Ayush Vatsa <ayushvatsa1810(at)gmail(dot)com>
> wrote:
>
>> but who will execute the
>> > underlying function inside the ( > ) operator ? Is it postgres or alex?
>>
>>>
> I'm reasonably confident that all the built-in functions are security
> invoker. Not that a pure function like greater-than really cares.
>
> David J.
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | David G. Johnston | 2024-04-07 18:14:54 | Re: Clarification on View Privileges and Operator Execution in PostgreSQL |
Previous Message | David G. Johnston | 2024-04-07 17:01:18 | Re: Clarification on View Privileges and Operator Execution in PostgreSQL |