Re: [HACKERS] GRANT EXECUTE ON FUNCTION foo() TO bar();

On 2/22/17 2:51 AM, Pavel Stehule wrote:
> The solution based on rights is elegant, but in this moment I cannot to
> see all possible impacts on performance - because it means new check for
> any call of any function. Maybe checking call stack can be good enough -
> I have not idea how often use case it it.

I think the simple solution to that is not to use proacl for this 
purpose but to add an oidvector to pg_proc that is a list of allowed 
callers. If the vector is kept sorted then it's a simple binary search.

BTW, I agree that this feature would be useful, as would PRIVATE, but 
they're two separate features.
-- 
Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
Experts in Analytics, Data Architecture and PostgreSQL
Data in Trouble? Get it in Treble! http://BlueTreble.com
855-TREBLE2 (855-873-2532)