Re: Clarification on View Privileges and Operator Execution in PostgreSQL

Поиск
Список
Период
Сортировка
От David G. Johnston
Тема Re: Clarification on View Privileges and Operator Execution in PostgreSQL
Дата
Msg-id CAKFQuwZ+9-BTgn4R6PCiBHHD+g5FEfNM=coCJNLra1n0bo8nBg@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Clarification on View Privileges and Operator Execution in PostgreSQL  (Ayush Vatsa <ayushvatsa1810@gmail.com>)
Ответы Re: Clarification on View Privileges and Operator Execution in PostgreSQL
Список pgsql-general
Дерево обсуждения
On Sun, Apr 7, 2024 at 11:02 AM Ayush Vatsa <ayushvatsa1810@gmail.com> wrote:
> If you want to confirm what the documentation says create a custom operator/function that alex is not permitted to execute and have them query a view defined by postgres that uses that function.
Thanks for the suggestion, it helped and I found out alex could not execute the view as it didn't have privileges for the function associated with operator

But a small doubt arises here I have to revoke the execution of the function using the command 
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public from public;
but when I tried 
REVOKE EXECUTE ON FUNCTION text_equals(text,text) FROM alex;
or
REVOKE ALL ON FUNCTION text_equals(text,text) FROM alex;
It didn't work i.e alex can still execute text_equals function. Why is it so?


See https://www.postgresql.org/docs/current/ddl-priv.html
Especially the part regarding default privileges.  The PUBLIC pseudo-role is granted execute on functions by default.  You are probably trying to revoke a privilege from alex that was never granted to alex directly.

David J.

В списке pgsql-general по дате отправления: