| From: | Todd Kover <kovert(at)omniscient(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Discerning when functions had execute revoked from public |
| Date: | 2013-01-08 21:26:54 |
| Message-ID: | 201301082126.r08LQsHZ026074@guinness.omniscient.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
I am trying to write something that will enumerate grants/revokes on
functions to make sure they are adjusted properly after said function is
drop/recreated, should that happen. This will also be used to validate
that permissions are what they should be.
According to:
http://www.postgresql.org/docs/9.2/static/sql-createfunction.html
} Another point to keep in mind is that by default, execute privilege
} is granted to PUBLIC for newly created functions (see GRANT for
} more information). Frequently you will wish to restrict use of a
} security definer function to only some users. To do that, you must
} revoke the default PUBLIC privileges and then grant execute privilege
} selectively. To avoid having a window where the new function is
} accessible to all, create it and set the privileges within a single
} transaction.
This revocation from public happens in our environment. Trouble is, I
can not find where an indiciation that execute has been revoked from
public in pg_catalog.pg_proc (or any other table for that matter). Is
there a way to find this somewhere in the catalog?
Apologies if this should be obvious. I'm sure I will find it as soon as
I hit send. :-)
thanks,
-Todd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kirk Wythers | 2013-01-08 22:19:59 | query by partial timestamp |
| Previous Message | ledocf | 2013-01-08 18:38:08 | Getting PLPython to work with PostgreSQL 9.2 |