From: | Joel Jacobson <joel(at)trustly(dot)com> |
---|---|
To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: GRANT EXECUTE ON FUNCTION foo() TO bar(); |
Date: | 2017-02-22 08:20:14 |
Message-ID: | CAASwCXe4tTV8K0URgh_1njypJykB9wZOL1NVJ=VsNrZsovTm=A@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Feb 22, 2017 at 9:07 AM, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> wrote:
> Usage of X functions can be locked in schema.
I think that's also a good idea. Both are useful I think. They solve
two different use-cases.
If there are multiple callers of a private function within a schema,
it would be useful if you could just declare it PRIVATE,
to prevent any top-level usage of the function,
and to prevent any other function than functions in the same schema
from calling it.
This would be similar to how e.g. a private method in a Java class can
be called by any other method in the same class.
I think that's also a useful idea, but a different use-case.
This would be useful if you have lots of callers of a function,
and it would of course be tedious if you had to explicitly GRANT EXECUTE
for each function that you want should be allowed to call the function.
In that case, a PRIVATE declaration of the function would be better.
But if it is important a function is absolutely not called by any
other function than a a single very specific function,
then it would be better with a specific GRANT EXECUTE ON FUNCTION
foo() to bar() in the function definition file for bar(),
which would make it clear to a developer looking at the bar() source
code that the function is only supposed to be called by foo().
But like I said, I also like your PRIVATE idea. I think most functions
in my schemas would actually be PRIVATE, and only a few would be
PUBLIC, since you usually have more internal functions in a schema,
that are not supposed to be called outside of the schema and doesn't
even make sense outside of the schema.
From | Date | Subject | |
---|---|---|---|
Next Message | Amit Langote | 2017-02-22 08:20:42 | Re: Partitioned tables and relfilenode |
Previous Message | Pavel Stehule | 2017-02-22 08:07:12 | Re: GRANT EXECUTE ON FUNCTION foo() TO bar(); |