Participants
Sergey Suleymanov
Sergey Suleymanov
Tom Lane
Tom Lane
Lincoln Yeoh
Lincoln Yeoh
Attachments
Show all attachments
Thread Outline
#1Sergey SuleymanovSergey Suleymanov
Sep 05, 2003
#2...#4
Tom LaneLincoln Yeoh
to Sergey Suleymanov (#1)
Sep 05, 2003
#2Tom LaneTom Laneto Sergey Suleymanov (#1)
Sep 05, 2003
#3Lincoln YeohLincoln Yeohto Tom Lane (#2)
Sep 05, 2003
#4Tom LaneTom Laneto Lincoln Yeoh (#3)
Sep 05, 2003
#5Sergey SuleymanovSergey Suleymanovto Sergey Suleymanov (#1)
Sep 08, 2003

default EXECUTE privilege

Started by Sergey Suleymanovover 22 years ago5 messagesgeneral
Jump to latest
#1Sergey Suleymanov
Sergey Suleymanov
solt@eatpbank.ru

Documentation says "By default, only the owner (creator) of the
function has the right to execute it."

But for me newly created function has execute privilege to
public by default. And we have to execute "revoke execute on
function ... from public". Why?

Version is 7.3.2

--
Sergey Suleymanov

#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Sergey Suleymanov (#1)
Re: default EXECUTE privilege

Sergey Suleymanov <solt@eatpbank.ru> writes:

Documentation says "By default, only the owner (creator) of the
function has the right to execute it."

That's a documentation error. Where do you see it exactly? I can't
find such a statement in the current sources.

But for me newly created function has execute privilege to
public by default. And we have to execute "revoke execute on
function ... from public". Why?

We decided that was the most useful default.

regards, tom lane

#3Lincoln Yeoh
Lincoln Yeoh
lyeoh@pop.jaring.my
In reply to: Tom Lane (#2)
Re: default EXECUTE privilege

Last line just before EXAMPLES
http://www.us.postgresql.org/postgresql-7.3.3/sql-createfunction.html

Highlighted:
http://216.239.33.104/search?q=cache:soHhFN4V1IMJ:www.us.postgresql.org/postgresql-7.3.3/sql-createfunction.html++site:www.us.postgresql.org+default,+only+the+owner+%22%2Bof+%2Bthe+function%22++right+to+execute+it&amp;hl=en&amp;ie=UTF-8

At 10:48 AM 9/5/2003 -0400, Tom Lane wrote:

Show quoted text

Sergey Suleymanov <solt@eatpbank.ru> writes:

Documentation says "By default, only the owner (creator) of the
function has the right to execute it."

That's a documentation error. Where do you see it exactly? I can't
find such a statement in the current sources.

But for me newly created function has execute privilege to
public by default. And we have to execute "revoke execute on
function ... from public". Why?

We decided that was the most useful default.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

#4Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Lincoln Yeoh (#3)
Re: default EXECUTE privilege

Lincoln Yeoh <lyeoh@pop.jaring.my> writes:

That's a documentation error. Where do you see it exactly? I can't
find such a statement in the current sources.

Last line just before EXAMPLES
http://www.us.postgresql.org/postgresql-7.3.3/sql-createfunction.html

Ah. Looks like it's already been removed from the 7.4 docs.

The GRANT reference page does state the situation correctly:

Depending on the type of object, the initial default privileges may
include granting some privileges to PUBLIC. The default is no public
access for tables and schemas; TEMP table creation privilege for
databases; EXECUTE privilege for functions; and USAGE privilege for
languages. The object creator may of course revoke these privileges.

regards, tom lane

#5Sergey Suleymanov
Sergey Suleymanov
solt@eatpbank.ru
In reply to: Sergey Suleymanov (#1)
Re: default EXECUTE privilege

Tom Lane writes:

Tom> We decided that was the most useful default.

Well, not too useful when "SECURITY DEFINER" is used. Anyway
thank you for explanation.

--
Sergey Suleymanov

← Back to Topics