Re: Clarification on View Privileges and Operator Execution in PostgreSQL

Поиск
Список
Период
Сортировка
От Ayush Vatsa
Тема Re: Clarification on View Privileges and Operator Execution in PostgreSQL
Дата
Msg-id CACX+KaOrOr-QgX-RX0RaFj6qbgytCP2HKH=AH7rooe_wdpdmPg@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Clarification on View Privileges and Operator Execution in PostgreSQL  ("David G. Johnston" <david.g.johnston@gmail.com>)
Список pgsql-general
Дерево обсуждения
Understood.
Thanks David it was a nice conversation and clarification from you

Regards 
Ayush Vatsa

On Sun, 7 Apr 2024 at 23:45, David G. Johnston <david.g.johnston@gmail.com> wrote:
On Sun, Apr 7, 2024 at 11:02 AM Ayush Vatsa <ayushvatsa1810@gmail.com> wrote:
> If you want to confirm what the documentation says create a custom operator/function that alex is not permitted to execute and have them query a view defined by postgres that uses that function.
Thanks for the suggestion, it helped and I found out alex could not execute the view as it didn't have privileges for the function associated with operator

But a small doubt arises here I have to revoke the execution of the function using the command 
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public from public;
but when I tried 
REVOKE EXECUTE ON FUNCTION text_equals(text,text) FROM alex;
or
REVOKE ALL ON FUNCTION text_equals(text,text) FROM alex;
It didn't work i.e alex can still execute text_equals function. Why is it so?


See https://www.postgresql.org/docs/current/ddl-priv.html
Especially the part regarding default privileges.  The PUBLIC pseudo-role is granted execute on functions by default.  You are probably trying to revoke a privilege from alex that was never granted to alex directly.

David J.

В списке pgsql-general по дате отправления: