Re: Clarification on View Privileges and Operator Execution in PostgreSQL

Understood.
Thanks David it was a nice conversation and clarification from you

Regards
Ayush Vatsa

On Sun, 7 Apr 2024 at 23:45, David G. Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>
wrote:

> On Sun, Apr 7, 2024 at 11:02 AM Ayush Vatsa <ayushvatsa1810(at)gmail(dot)com>
> wrote:
>
>> > If you want to confirm what the documentation says create a custom
>> operator/function that alex is not permitted to execute and have them query
>> a view defined by postgres that uses that function.
>> Thanks for the suggestion, it helped and I found out alex could not
>> execute the view as it didn't have privileges for the function associated
>> with operator
>>
>> But a small doubt arises here I have to revoke the execution of the
>> function using the command
>> REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public from public;
>> but when I tried
>> REVOKE EXECUTE ON FUNCTION text_equals(text,text) FROM alex;
>> or
>> REVOKE ALL ON FUNCTION text_equals(text,text) FROM alex;
>> It didn't work i.e alex can still execute text_equals function. Why is it
>> so?
>>
>>>
>>>
> See https://www.postgresql.org/docs/current/ddl-priv.html
> Especially the part regarding default privileges. The PUBLIC pseudo-role
> is granted execute on functions by default. You are probably trying to
> revoke a privilege from alex that was never granted to alex directly.
>
> David J.
>
>