Обсуждение: Problem with function permissions

I had the following behaviour reported by a pgAdmin user on PostgreSQL
7.3 (reproduced here on 7.3rc1 as it's all I have right now):

dave=# create function dave.testfunc() returns int4 as 'select 1 + 2'
language sql;
CREATE FUNCTION
dave=# select proacl from pg_proc where proname = 'testfunc';proacl
--------

(1 row)

dave=# grant execute on function dave.testfunc() to webmstrz;
GRANT
dave=# select proacl from pg_proc where proname = 'testfunc';          proacl
----------------------------{=X,postgres=X,webmstrz=X}
(1 row)

I would not have expected public to now have execute permission. Any
reason for this, or is it a bug?

Regards, Dave.

"Dave Page" <dpage@vale-housing.co.uk> writes:
> I would not have expected public to now have execute permission. Any
> reason for this, or is it a bug?

The default permissions for functions grant execute to public; the
system is just instantiating that default when you do an explicit grant.

The original implementation of function permissions didn't grant
anything to public, but we concluded that that would break too many
applications to be a reasonable default.
        regards, tom lane

> -----Original Message-----
> From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
> Sent: 12 December 2002 16:48
> To: Dave Page
> Cc: pgsql-hackers@postgresql.org
> Subject: Re: [HACKERS] Problem with function permissions
>
>
> "Dave Page" <dpage@vale-housing.co.uk> writes:
> > I would not have expected public to now have execute
> permission. Any
> > reason for this, or is it a bug?
>
> The default permissions for functions grant execute to
> public; the system is just instantiating that default when
> you do an explicit grant.
>
> The original implementation of function permissions didn't
> grant anything to public, but we concluded that that would
> break too many applications to be a reasonable default.

OK, thanks.

Regards, Dave.