By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,178 Members | 987 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,178 IT Pros & Developers. It's quick & easy.

default EXECUTE privilege

P: n/a

Documentation says "By default, only the owner (creator) of the
function has the right to execute it."

But for me newly created function has execute privilege to
public by default. And we have to execute "revoke execute on
function ... from public". Why?

Version is 7.3.2

--
Sergey Suleymanov
Nov 11 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Sergey Suleymanov <so**@eatpbank.ru> writes:
Documentation says "By default, only the owner (creator) of the
function has the right to execute it."
That's a documentation error. Where do you see it exactly? I can't
find such a statement in the current sources.
But for me newly created function has execute privilege to
public by default. And we have to execute "revoke execute on
function ... from public". Why?


We decided that was the most useful default.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

Nov 11 '05 #2

P: n/a
Last line just before EXAMPLES
http://www.us.postgresql.org/postgre...efunction.html

Highlighted:
http://216.239.33.104/search?q=cache...hl=en&ie=UTF-8

At 10:48 AM 9/5/2003 -0400, Tom Lane wrote:
Sergey Suleymanov <so**@eatpbank.ru> writes:
Documentation says "By default, only the owner (creator) of the
function has the right to execute it."


That's a documentation error. Where do you see it exactly? I can't
find such a statement in the current sources.
But for me newly created function has execute privilege to
public by default. And we have to execute "revoke execute on
function ... from public". Why?


We decided that was the most useful default.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

Nov 11 '05 #3

P: n/a
Lincoln Yeoh <ly***@pop.jaring.my> writes:
That's a documentation error. Where do you see it exactly? I can't
find such a statement in the current sources.
Last line just before EXAMPLES
http://www.us.postgresql.org/postgre...efunction.html


Ah. Looks like it's already been removed from the 7.4 docs.

The GRANT reference page does state the situation correctly:

Depending on the type of object, the initial default privileges may
include granting some privileges to PUBLIC. The default is no public
access for tables and schemas; TEMP table creation privilege for
databases; EXECUTE privilege for functions; and USAGE privilege for
languages. The object creator may of course revoke these privileges.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Nov 11 '05 #4

P: n/a
>>>>> Tom Lane writes:

Tom> We decided that was the most useful default.

Well, not too useful when "SECURITY DEFINER" is used. Anyway
thank you for explanation.

--
Sergey Suleymanov
Nov 11 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.