On Thursday, February 1, 2018, Andrew Bartley <ambart...@gmail.com> wrote:
> Hi all, > > I am trying to work out a way to create a roll/user that can only execute > one particular function and nothing else. The particular function has been > created with "SECURITY DEFINER". > Never tried it but "REVOKE PUBLIC FROM role" then "GRANT ... TO role" would ideally work. Not simple since every role is a member of PUBLIC from which they all inherit useful defaults. You can remove those defaults and the already granted privileges from PUBLIC and then add them back to some super-role group that everyone but this user belongs too. Then only add the one grant you desire to this user. David J.
