From: | Murat Tasan <murat(dot)tasan(at)cwru(dot)edu> |
---|---|
To: | pgsql-novice(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | Re: function privileges |
Date: | 2006-02-03 16:27:47 |
Message-ID: | 5E51EF19-3E23-41BD-B98F-FACB6D5774C2@cwru.edu |
Lists: | pgsql-novice |
On 2 Feb 2006, at 23:57, Tom Lane wrote:
> Murat Tasan <murat(dot)tasan(at)cwru(dot)edu> writes:
>> If user A comes along and has no SELECT privileges on T, but has
>> EXECUTE privileges on F, A is not permitted to run the function, with
>> an error stating access to T is needed.

All within schema "public"...

Let T be a table (say with primary key "id" and column "name") with
no SELECT privileges for user A.

Now, as the owner of the database, execute

    CREATE FUNCTION F(T.id%TYPE) RETURNS T.name%TYPE AS $$
        SELECT name FROM T WHERE id = $1;
    $$ LANGUAGE SQL;

Now log in as user A and try:

    SELECT * FROM F(69);

(and let 69 be some id in T).

The execution fails, stating that user A doesn't have SELECT
privileges on T.

>> Now, if user B comes along and has SELECT privileges on T, but not
>> EXECUTE privileges on F, B is permitted to run the function.

This latter problem has been addressed by Michael Fuhr's email; I
didn't realize all new functions had PUBLIC execution permissions by
default, so revoking B's permissions to execute F doesn't make a
difference until I revoke PUBLIC's permissions as well. In fact, I
didn't see this anywhere in the documentation, although that's
probably my fault from my frequent speed-reading ;-)

> I don't think I believe either of the above statements. Perhaps you
> could provide a complete example of what you're doing?
>
> regards, tom lane

Thanks again for all the help!
Murat
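
Added example, not part of the original message: a psql session that reproduces both behaviours described above, then shows SECURITY DEFINER, the PostgreSQL option for running a function with its owner's privileges. The role names demo_a and demo_b, the table t and its sample row are constructed; run it as a superuser in a scratch database.

```sql
-- Constructed setup: demo_a has no SELECT on t, demo_b does.
CREATE ROLE demo_a;
CREATE ROLE demo_b;
CREATE TABLE t (id integer PRIMARY KEY, name text);
INSERT INTO t VALUES (69, 'example');
REVOKE ALL ON t FROM PUBLIC;
GRANT SELECT ON t TO demo_b;

-- No SECURITY clause means SECURITY INVOKER: the body runs with the
-- privileges of whoever calls the function, not of its owner.
CREATE FUNCTION f(integer) RETURNS text AS $$
    SELECT name FROM t WHERE id = $1;
$$ LANGUAGE SQL;

-- Audit what each role effectively holds. EXECUTE on a new function is
-- granted to PUBLIC by default, so both roles already have it.
SELECT r AS role,
       has_function_privilege(r, 'f(integer)', 'EXECUTE') AS can_execute,
       has_table_privilege(r, 't', 'SELECT')              AS can_select
FROM (VALUES ('demo_a'), ('demo_b')) AS roles(r);

-- First behaviour in the message: demo_a may call f, but the SELECT
-- inside it is checked against demo_a and is refused.
SET ROLE demo_a;
SELECT f(69);
RESET ROLE;

-- Second behaviour: revoking from demo_b alone removes nothing, because
-- demo_b never held a direct grant; its EXECUTE right comes via PUBLIC.
REVOKE EXECUTE ON FUNCTION f(integer) FROM demo_b;
SELECT has_function_privilege('demo_b', 'f(integer)', 'EXECUTE');

-- Revoking PUBLIC's default grant is what actually closes it.
REVOKE EXECUTE ON FUNCTION f(integer) FROM PUBLIC;
SELECT has_function_privilege('demo_b', 'f(integer)', 'EXECUTE');

-- To let demo_a read through f without SELECT on t, run the function as
-- its owner, pin search_path so the body cannot be redirected to objects
-- in another schema, and grant EXECUTE only to the intended role.
ALTER FUNCTION f(integer) SECURITY DEFINER SET search_path = public, pg_temp;
GRANT EXECUTE ON FUNCTION f(integer) TO demo_a;
SET ROLE demo_a;
SELECT f(69);
RESET ROLE;
```

A SECURITY DEFINER function runs with everything its owner can do, so in practice the owner should be a role holding only the rights the function body needs rather than a superuser.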