Обсуждение: permissions PB


permissions PB

"Jean-Yves F. Barbier"
Hi list,

The DB owner created a function as:
CREATE FUNCTION mysch.testaddint(int, int)
RETURNS int AS $$ SELECT $1+$2 $$LANGUAGE sql;

When usr1 is granted usage on domain mysch he can execute this function.
(which is strange as owner didn't grant execute on this fnct,
 I guess this is default behavior and thus ok.)

Until here, almost no PB, but after owner's:
REVOKE ALL ON FUNCTION mysch.testaddint(int, int) FROM usr1;

usr1 still can execute the function!? (#@<!>&)

Did I missed something somewhere?

Brain damage is all in your head.
        -- Karl Lehenbauer

Re: permissions PB [SOLVED]

"Jean-Yves F. Barbier"
On Tue, 14 Jun 2011 02:39:29 +0200, "Jean-Yves F. Barbier" <12ukwn@gmail.com>

I didn't remember that 'public' needed to be revoked before permission could
be effective - sorry for the noise.

> The DB owner created a function as:
> CREATE FUNCTION mysch.testaddint(int, int)
> RETURNS int AS $$ SELECT $1+$2 $$LANGUAGE sql;
> When usr1 is granted usage on domain mysch he can execute this function.
> (which is strange as owner didn't grant execute on this fnct,
>  I guess this is default behavior and thus ok.)
> Until here, almost no PB, but after owner's:
> REVOKE ALL ON FUNCTION mysch.testaddint(int, int) FROM usr1;
> usr1 still can execute the function!? (#@<!>&)
> Did I missed something somewhere?
> JY

A male gynecologist is like an auto mechanic who has never owned a car.
        -- Carrie Snow