| From: | "Walker, Jed S" <Jed_Walker(at)cable(dot)comcast(dot)com> |
|---|---|
| To: | 'Tom Lane' <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "'pgsql-novice(at)postgresql(dot)org'" <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: Execute function without execute privilege |
| Date: | 2005-05-06 14:45:41 |
| Message-ID: | 41669DC6FE3B80449A33A4DD46DB370A0D1EE70B@entcoexch15.broadband.att.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Do you mean that when I create a function an implicit "grant execute on
function" is done? If so, we would have to do a revoke with each grant. Or,
do you mean there is a public grant to "execute any function" that I can
just remove when I create the database (and if so, how?)
-----Original Message-----
From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
Sent: Thursday, May 05, 2005 2:24 PM
To: Walker, Jed S
Cc: 'pgsql-novice(at)postgresql(dot)org'
Subject: Re: [NOVICE] Execute function without execute privilege
"Walker, Jed S" <Jed_Walker(at)cable(dot)comcast(dot)com> writes:
> I discovered today that when I create a function in a schema that
> another user has "grant usage" on, they are able to execute the
> function even though I've not granted them "execute" on the function.
> Is this normal behavior (from the manual I don't believe it is)?
Yes, it is, because the default for functions is to grant PUBLIC EXECUTE
access. Revoke that if you don't want it.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Walker, Jed S | 2005-05-06 15:28:17 | Re: Execute function without execute privilege |
| Previous Message | Michael Fuhr | 2005-05-06 13:33:46 | Re: cursor problem |