Skip site navigation (1) Skip section navigation (2)

Re: Execute access on functions

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Kathy Smith <ksmith(at)lanl(dot)gov>
Cc: pgsql-interfaces(at)postgresql(dot)org, clittle(at)lanl(dot)gov
Subject: Re: Execute access on functions
Date: 2005-03-23 20:10:16
Message-ID: 20050323201016.GA30776@wolff.to (view raw or flat)
Thread:
Lists: pgsql-interfaces
On Wed, Mar 23, 2005 at 12:35:12 -0700,
  Kathy Smith <ksmith(at)lanl(dot)gov> wrote:
> I want to control access (update, delete) to my tables and have done that 
> with other DBMSs using stored procedures.  Besides performance, I believe 
> that's one of the primary advantages of stored procedures.  I grant execute 
> on the procedure to a group containing the users with controlled update 
> access.  Never on the table.  I cannot seem to find the equivalent in 
> postgres.  I had hoped to be able to do this with user-defined functions 
> but the following statement implies that if the SECURITY DEFINER is used, 
> that *anyone* who can get to that function can execute it.  Hardly the 
> solution I am looking for.  The alternative being that I must grant update 
> to the table :(
> 
> The CREATE FUNCTION clause SECURITY DEFINER makes the function run with the 
> privileges of the user who created it. Otherwise, the INVOKER's privileges 
> are used.
> 
> Am I missing something here?  Is there another way?

You can control who can execute the function. By default 'public' can execute
functions, but you can revoke that access.

In response to

pgsql-interfaces by date

Next:From: Larry SchmidDate: 2005-03-23 22:43:34
Subject:
Previous:From: Kathy SmithDate: 2005-03-23 19:35:12
Subject: Execute access on functions

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group