| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Ted Byers" <r(dot)ted(dot)byers(at)rogers(dot)com> |
| Cc: | "Postgres general mailing list" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: security permissions for functions |
| Date: | 2007-03-09 06:07:23 |
| Message-ID: | 21847.1173420443@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Ted Byers" <r(dot)ted(dot)byers(at)rogers(dot)com> writes:
> ... Can
> I make a function as a part of a schema that is executable only by the owner
> and other functions in the schema, and no-one else, and still have a
> publically callable function in that schema invoke the "private" function?
Certainly --- the point here is merely that that isn't the *default*
behavior. We judged quite some time ago that allowing public execute
access was the most useful default. Perhaps that was a bad choice, but
I think we're unlikely to change it now ...
> I mean the obvious statement, for the fine
> tuning he appears to me to want to do, would be to follow the REVOKE
> statement you show with a GRANT statement for a specific user.
Check. Once you revoke the default public execute access, the function
is useless (well, except to superusers) until you grant somebody the
right to call it.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Patrick TJ McPhee | 2007-03-09 06:12:27 | Re: OT: Canadian Tax Database |
| Previous Message | Craig White | 2007-03-09 06:02:24 | Re: Anyone know a good opensource CRM that actually installs with Posgtres? |