From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | "Tefft, Michael J" <Michael(dot)J(dot)Tefft(at)snapon(dot)com> |
Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Removing the default grant of EXECUTE on functions/procedures to PUBLIC |
Date: | 2024-07-05 14:49:34 |
Message-ID: | CAKFQuwahMtaCfR+ifpm_jssA-+W4OEnXXXs_ce6+mYniqoCsQQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Friday, July 5, 2024, Tefft, Michael J <Michael(dot)J(dot)Tefft(at)snapon(dot)com>
wrote:
> I am trying to remove the default grant of EXECUTE on all
> functions/procedures to PUBLIC.
>
> From my reading, there is no straightforward way to do this. For example,
>
> ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
>
> Does not apply this across the entire cluster (or database) but only
> applies to the role who issued it (and objects yet to be created by that
> role) .
>
> So I am arriving at the conclusion that I need to alter the default
> privileges for every existing role (which I expected), and ensure that
> default privileges are altered for every new role that is created going
> forward.
>
>
>
> Have I analyzed this correctly?
>
>
>
Only those roles that have create privilege on one or more schemas. That
should be a reasonably finite and static set.
David J.
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2024-07-05 14:51:01 | Re: Removing the default grant of EXECUTE on functions/procedures to PUBLIC |
Previous Message | Tefft, Michael J | 2024-07-05 14:45:11 | Removing the default grant of EXECUTE on functions/procedures to PUBLIC |