Re: [GENERAL] security permissions for functions

2007-03-09 Thread Bruno Wolff III
On Fri, Mar 09, 2007 at 01:07:23 -0500, Tom Lane <[EMAIL PROTECTED]> wrote:
>
> Certainly --- the point here is merely that that isn't the *default*
> behavior. We judged quite some time ago that allowing public execute
> access was the most useful default. Perhaps that was a bad choice, but

Re: [GENERAL] security permissions for functions

2007-03-09 Thread Bill Moran
In response to "Ted Byers" <[EMAIL PROTECTED]>:
> > Functions are controlled by the same ACL mechanism that tables and
> > everything else follows. Thus you have the idea of "user id X may do Y
> > with object Z" i.e. "user "barbara" may "execute" function
> > "somefunction()".
> >
> > B

Re: [GENERAL] security permissions for functions

2007-03-08 Thread Tom Lane
"Ted Byers" <[EMAIL PROTECTED]> writes:
> ... Can
> I make a function as a part of a schema that is executable only by the owner
> and other functions in the schema, and no-one else, and still have a
> publicly callable function in that schema invoke the "private" function?

Certainly --- the

Re: [GENERAL] security permissions for functions

2007-03-08 Thread Ted Byers
Functions are controlled by the same ACL mechanism that tables and everything else follows. Thus you have the idea of "user id X may do Y with object Z" i.e. "user "barbara" may "execute" function "somefunction()". But there's no real way to alter those permissions outside of changing the us

Re: [GENERAL] security permissions for functions

2007-03-08 Thread Bill Moran
In response to "Ted Byers" <[EMAIL PROTECTED]>:
>
> - Original Message -
> From: "Bill Moran" <[EMAIL PROTECTED]>
>
> > In response to Rikard Pavelic <[EMAIL PROTECTED]>:
> >
> >> Tom Lane wrote:
> >> > No, it's operating as designed. Per the GRANT reference page:
> >> > : Depending on t

Re: [GENERAL] security permissions for functions

2007-03-08 Thread David Legault
On 3/8/07, Rikard Pavelic <[EMAIL PROTECTED]> wrote:
Bill Moran wrote:
>> Hmm, so the answer to my question
>> "How can I assign execute permission to a role for a single function
>> inside schema."
>> is I can't?
>>
>
> How did you interpret "do it like this" to mean "you can't do it"?
>
> REVO

Re: [GENERAL] security permissions for functions

2007-03-08 Thread Raymond O'Donnell
On 08/03/2007 22:21, Rikard Pavelic wrote:
> And for user2 to be able to execute example.function2() and not example.function1()?
> REVOKE EXECUTE ON FUNCTION example.function1() FROM user1
> doesn't have any effect.

Surely you mean - REVOKE EXECUTE ON FUNCTION example.function1() FROM user2;

Re: [GENERAL] security permissions for functions

2007-03-08 Thread Rikard Pavelic
Shane Ambler wrote: You can but the default is to allow the execution of all functions. You need to revoke the existing permission of executing all functions before you can allow only a single function to be run. If you want a specific function to be accessed only by selected roles then you

Re: [GENERAL] security permissions for functions

2007-03-08 Thread Rikard Pavelic
Bill Moran wrote: Hmm, so the answer to my question "How can I assign execute permission to a role for a single function inside schema." is I can't? How did you interpret "do it like this" to mean "you can't do it"? REVOKE ALL ON FROM PUBLIC; So this basically means that I can't fi

Re: [GENERAL] security permissions for functions

2007-03-08 Thread Shane Ambler
Rikard Pavelic wrote:
Tom Lane wrote:
No, it's operating as designed. Per the GRANT reference page:
: Depending on the type of object, the initial default privileges may
: include granting some privileges to PUBLIC. The default is no public
: access for tables, schemas, and tablespaces; CONNECT

Re: [GENERAL] security permissions for functions

2007-03-08 Thread Ted Byers
- Original Message - From: "Bill Moran" <[EMAIL PROTECTED]> To: "Rikard Pavelic" <[EMAIL PROTECTED]> Cc: "Tom Lane" <[EMAIL PROTECTED]>; Sent: Thursday, March 08, 2007 3:18 PM Subject: Re: [GENERAL] security permissions for functions

Re: [GENERAL] security permissions for functions

2007-03-08 Thread Bill Moran
In response to Rikard Pavelic <[EMAIL PROTECTED]>:
> Tom Lane wrote:
> > No, it's operating as designed. Per the GRANT reference page:
> > : Depending on the type of object, the initial default privileges may
> > : include granting some privileges to PUBLIC. The default is no public
> > : access f

Re: [GENERAL] security permissions for functions

2007-03-08 Thread Rikard Pavelic
Tom Lane wrote:
No, it's operating as designed. Per the GRANT reference page:
: Depending on the type of object, the initial default privileges may
: include granting some privileges to PUBLIC. The default is no public
: access for tables, schemas, and tablespaces; CONNECT privilege and TEMP
: ta

Re: [GENERAL] security permissions for functions

2007-03-08 Thread Tom Lane
Rikard Pavelic <[EMAIL PROTECTED]> writes:
> Is this a bug or something?

No, it's operating as designed. Per the GRANT reference page:

: Depending on the type of object, the initial default privileges may
: include granting some privileges to PUBLIC. The default is no public
: access for tables,

[GENERAL] security permissions for functions

2007-03-08 Thread Rikard Pavelic
Hi! How can I assign execute permission to a role for a single function inside schema. For example I create schema example; function example.simple_select() and user test_user; If I grant usage on schema example to user test_user as GRANT USAGE ON SCHEMA example TO test_user; I can do select