Participants
Barry Brown
Barry Brown
Tom Lane
Tom Lane
Attachments
Show all attachments
Thread Outline
#1Barry BrownBarry Brown
May 03, 2007
#2Tom LaneTom Laneto Barry Brown (#1)
May 04, 2007

Separating function privileges from tables

Started by Barry Brownalmost 19 years ago2 messagesgeneral
Jump to latest
#1Barry Brown
Barry Brown
barry@cs.sierracollege.edu

Hi all,

It's nice that privileges on views are separate from the privileges
on its underlying tables. For example, if view V queries tables A and
B, I only need to grant SELECT on the view to another user; tables A
and B can have that privilege revoked and the view works.

Are there plans to extend similar behavior to functions? That is, can
I simply grant EXECUTE on the function and not have to worry about
granting the appropriate privileges to the tables used by the function?

Thanks.

-B

#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Barry Brown (#1)
Re: Separating function privileges from tables

Barry Brown <barry@cs.sierracollege.edu> writes:

It's nice that privileges on views are separate from the privileges
on its underlying tables. For example, if view V queries tables A and
B, I only need to grant SELECT on the view to another user; tables A
and B can have that privilege revoked and the view works.

Are there plans to extend similar behavior to functions? That is, can
I simply grant EXECUTE on the function and not have to worry about
granting the appropriate privileges to the tables used by the function?

I think you are looking for SECURITY DEFINER function option.

regards, tom lane

← Back to Topics