Re: Execute access on functions

On Wed, Mar 23, 2005 at 12:35:12 -0700, Kathy Smith <ksmith@lanl.gov> wrote:
> I want to control access (update, delete) to my tables and have done that 
> with other DBMSs using stored procedures.  Besides performance, I believe 
> that's one of the primary advantages of stored procedures.  I grant execute 
> on the procedure to a group containing the users with controlled update 
> access.  Never on the table.  I cannot seem to find the equivalent in 
> postgres.  I had hoped to be able to do this with user-defined functions 
> but the following statement implies that if the SECURITY DEFINER is used, 
> that *anyone* who can get to that function can execute it.  Hardly the 
> solution I am looking for.  The alternative being that I must grant update 
> to the table :(
> 
> The CREATE FUNCTION clause SECURITY DEFINER makes the function run with the 
> privileges of the user who created it. Otherwise, the INVOKER's privileges 
> are used.
> 
> Am I missing something here?  Is there another way?

You can control who can execute the function. By default 'public' can execute
functions, but you can revoke that access.