| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Andrew Bartley <ambartley(at)gmail(dot)com> |
| Cc: | Pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Rolls |
| Date: | 2018-02-01 21:43:50 |
| Message-ID: | CAKFQuwaW4YepmoGe4p_H9S4WZZoNVVNkACecfEAfAt0msnBmVw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thursday, February 1, 2018, Andrew Bartley <ambartley(at)gmail(dot)com> wrote:
> Hi all,
>
> I am trying to work out a way to create a roll/user that can only execute
> one particular function and nothing else. The particular function has been
> created with "SECURITY DEFINER".
>
Never tried it but "REVOKE PUBLIC FROM role" then "GRANT ... TO role" would
ideally work.
Not simple since every role is a member of PUBLIC from which they all
inherit useful defaults. You can remove those defaults and the already
granted privileges from PUBLIC and then add them back to some super-role
group that everyone but this user belongs too. Then only add the one grant
you desire to this user.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | raf | 2018-02-01 22:25:04 | Re: Recreating functions after starting the database server. |
| Previous Message | Andrew Bartley | 2018-02-01 21:42:45 | Re: Rolls |