On Fri, 2024-06-07 at 13:54 +0000, Zwettler Markus (OIZ) wrote: > > Another point to keep in mind is that by default, execute privilege is > > granted to > > PUBLIC for newly created functions (see Section 5.7 for more information). > > Argh. No! What a bad habit! > > Might be good idea for an enhancement request to create a global parameter to > disable this habit.
I don't see the problem, since the default execution mode for functions is SECURITY INVOKER. But you can easily change that: ALTER DEFAULT PRIVILEGES FOR ROLE function_creator REVOKE EXECUTE ON FUNCTION FROM PUBLIC; Yours, Laurenz Albe
