I am trying to write something that will enumerate grants/revokes on
functions to make sure they are adjusted properly after said function is
drop/recreated, should that happen. This will also be used to validate
that permissions are what they should be.
According to:
http://www.postgresql.org/docs/9.2/static/sql-createfunction.html
} Another point to keep in mind is that by default, execute privilege
} is granted to PUBLIC for newly created functions (see GRANT for
} more information). Frequently you will wish to restrict use of a
} security definer function to only some users. To do that, you must
} revoke the default PUBLIC privileges and then grant execute privilege
} selectively. To avoid having a window where the new function is
} accessible to all, create it and set the privileges within a single
} transaction.
This revocation from public happens in our environment. Trouble is, I
can not find where an indiciation that execute has been revoked from
public in pg_catalog.pg_proc (or any other table for that matter). Is
there a way to find this somewhere in the catalog?
Apologies if this should be obvious. I'm sure I will find it as soon as
I hit send. :-)
thanks,
-Todd