| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Ayush Vatsa <ayushvatsa1810(at)gmail(dot)com> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Clarification on View Privileges and Operator Execution in PostgreSQL |
| Date: | 2024-04-07 18:14:54 |
| Message-ID: | CAKFQuwZ+9-BTgn4R6PCiBHHD+g5FEfNM=coCJNLra1n0bo8nBg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Sun, Apr 7, 2024 at 11:02 AM Ayush Vatsa <ayushvatsa1810(at)gmail(dot)com>
wrote:
> > If you want to confirm what the documentation says create a custom
> operator/function that alex is not permitted to execute and have them query
> a view defined by postgres that uses that function.
> Thanks for the suggestion, it helped and I found out alex could not
> execute the view as it didn't have privileges for the function associated
> with operator
>
> But a small doubt arises here I have to revoke the execution of the
> function using the command
> REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public from public;
> but when I tried
> REVOKE EXECUTE ON FUNCTION text_equals(text,text) FROM alex;
> or
> REVOKE ALL ON FUNCTION text_equals(text,text) FROM alex;
> It didn't work i.e alex can still execute text_equals function. Why is it
> so?
>
>>
>>
See https://www.postgresql.org/docs/current/ddl-priv.html
Especially the part regarding default privileges. The PUBLIC pseudo-role
is granted execute on functions by default. You are probably trying to
revoke a privilege from alex that was never granted to alex directly.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ayush Vatsa | 2024-04-07 18:22:47 | Re: Clarification on View Privileges and Operator Execution in PostgreSQL |
| Previous Message | Ayush Vatsa | 2024-04-07 18:02:36 | Re: Clarification on View Privileges and Operator Execution in PostgreSQL |