From: | "Walker, Jed S" <Jed_Walker(at)cable(dot)comcast(dot)com> |
---|---|
To: | "Walker, Jed S" <Jed_Walker(at)cable(dot)comcast(dot)com>, 'Tom Lane' <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | "'pgsql-novice(at)postgresql(dot)org'" <pgsql-novice(at)postgresql(dot)org> |
Subject: | Re: Execute function without execute privilege |
Date: | 2005-05-06 15:28:17 |
Message-ID: | 41669DC6FE3B80449A33A4DD46DB370A0D1EE70F@entcoexch15.broadband.att.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
Another question, if we put functions into a schema and then use "grant
usage" on the schema is that considered an OK practice in postgresql to
limit users to a group of functions (I assume they would still have to have
usage on the schema to get to them).
-----Original Message-----
From: Walker, Jed S
Sent: Friday, May 06, 2005 8:46 AM
To: 'Tom Lane'
Cc: 'pgsql-novice(at)postgresql(dot)org'
Subject: RE: [NOVICE] Execute function without execute privilege
Do you mean that when I create a function an implicit "grant execute on
function" is done? If so, we would have to do a revoke with each grant. Or,
do you mean there is a public grant to "execute any function" that I can
just remove when I create the database (and if so, how?)
-----Original Message-----
From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
Sent: Thursday, May 05, 2005 2:24 PM
To: Walker, Jed S
Cc: 'pgsql-novice(at)postgresql(dot)org'
Subject: Re: [NOVICE] Execute function without execute privilege
"Walker, Jed S" <Jed_Walker(at)cable(dot)comcast(dot)com> writes:
> I discovered today that when I create a function in a schema that
> another user has "grant usage" on, they are able to execute the
> function even though I've not granted them "execute" on the function.
> Is this normal behavior (from the manual I don't believe it is)?
Yes, it is, because the default for functions is to grant PUBLIC EXECUTE
access. Revoke that if you don't want it.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2005-05-06 15:43:34 | Re: Execute function without execute privilege |
Previous Message | Walker, Jed S | 2005-05-06 14:45:41 | Re: Execute function without execute privilege |