| From: | Michael Fuhr <mike(at)fuhr(dot)org> |
|---|---|
| To: | Rajarshi Mukherjee <mukherjee(dot)rajarshi(at)gmail(dot)com> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: grant problem |
| Date: | 2005-03-23 06:58:36 |
| Message-ID: | 20050323065836.GA39293@winnie.fuhr.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
On Wed, Mar 23, 2005 at 12:09:33PM +0530, Rajarshi Mukherjee wrote:
> i am ony giving usage grant on a function in my schema to another user.
I think you mean you're granting usage on the schema -- "USAGE"
isn't a valid privilege type for functions.
> Then how come he's been able to execute the function in the following way?
>
> select ins.validate('nyname','mypassword');
The default privilege for functions grants EXECUTE to PUBLIC, so if
you've granted USAGE on the schema then users can execute functions
in that schema.
> But if i don't give usage grant and straight way give execute grant on
> the function, the user gets an error:- permission denied for schema
> ins.
Users who don't have USAGE on the function's schema won't be able
to execute the function, regardless of the function's privileges.
Think of the schema as a container: if you don't have privilege on
the container, then you can't access anything inside the container.
> i want to give the user execute grant on a particular funtion in my
> schema and not all functions.
Grant USAGE on the schema, and revoke EXECUTE on the functions you
don't want people to execute.
--
Michael Fuhr
http://www.fuhr.org/~mfuhr/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Cima | 2005-03-23 07:05:12 | Deleting data bases and tables? |
| Previous Message | Cima | 2005-03-23 06:40:22 | pgsql.so |