7.3 function permissions (was Re: Making small bits of code available)

Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Bruno Wolff III wrote:
>> Should I leave the grants in, leave that to the administrator or provide
>> a separate script?

> I would not add the grants.

Actually I disagree.  Bruno's comment made me realize that all the
contrib scripts that create functions are now effectively broken,
because they create functions that are not callable by anyone
except the creating user.  99% of the time that will be wrong.

The scripts were all written under the assumption that the functions
they create would be callable by world.  I think we should add explicit
GRANT EXECUTE TO PUBLIC commands to them to maintain
backwards-compatible behavior.

If there's anyone who does not want that result, they can easily edit
the script before they run it.  Adding missing GRANTs to a creation
script is a lot harder than commenting out ones you don't want ...

>> If I do that, do I have to grant public access to internal functions
>> (used for the gist index) or can I just make the ones meant for users

Don't believe it matters.  Anything taking an INTERNAL parameter cannot
be called manually anyway.

            regards, tom lane