| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | akp geek <akpgeek(at)gmail(dot)com> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org>, osvaldo(dot)kussama(at)gmail(dot)com |
| Subject: | Re: Error 42501 permission denied for schema |
| Date: | 2010-03-26 18:19:09 |
| Message-ID: | 17995.1269627549@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
akp geek <akpgeek(at)gmail(dot)com> writes:
> Sorry for the confusion that I have caused
> - roles > role1 , role2
> - schemas > schema1, schema2
> - GRANT USAGE ON SCHEMA schema1 TO role2;
> - create function fnc_name(IN i_id numeric)
> - function is created using role2
> I ended up getting the error
> ERROR: permission denied for schema schema1
Well, keep in mind that what normally counts for a function's queries
is the permissions of the *caller*, not the owner. If you want the
function to be able to do things regardless of who's calling it, mark
it SECURITY DEFINER, and then it runs with the owner's permissions.
Beware that malicious users might be able to subvert a SECURITY DEFINER
function to make it do something unintended ...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ehsan Haq | 2010-03-26 18:25:56 | Moving data directory from one server to another |
| Previous Message | Chris Barnes | 2010-03-26 17:51:55 | Re: Does anyone use in ram postgres database? |