public inbox for [email protected]
help / color / mirror / Atom feedFrom: Adrian Klaver <[email protected]>
To: Ayush Vatsa <[email protected]>
To: [email protected]
Subject: Re: Clarification on REVOKE ALL ON FUNCTION – Are there any privileges apart from EXECUTE?
Date: Sun, 18 May 2025 12:21:33 -0700
Message-ID: <[email protected]> (raw)
In-Reply-To: <CACX+KaOyuhOf6qcA1jj2AMAhwt_ofXHU2nqE31SmJ+-0qVhU1g@mail.gmail.com>
References: <CACX+KaOyuhOf6qcA1jj2AMAhwt_ofXHU2nqE31SmJ+-0qVhU1g@mail.gmail.com>
On 5/18/25 12:17, Ayush Vatsa wrote:
> Hi Postgres Community,
> I had a quick question regarding function-level privileges in PostgreSQL.
> We know that |REVOKE EXECUTE ON FUNCTION ...| removes the ability to
> call the function. But when we do:
> REVOKE ALL ON FUNCTION my_func(args) FROM some_role;
>
> does this revoke anything other than |EXECUTE|? Are there any other
> privileges that apply to functions which get revoked via |REVOKE ALL|?
> > I looked through the documentation but couldn’t find a definitive answer
> on whether |ALL| includes more than just |EXECUTE| in the context of
> functions.
See here:
https://www.postgresql.org/docs/current/ddl-priv.html
Table 5.1. ACL Privilege Abbreviations
This is the best way to see what privileges apply to what objects.
>
> Would appreciate any insights or pointers.
>
> ---------------
> Regards,
> Ayush
>
--
Adrian Klaver
[email protected]
view thread (2+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Clarification on REVOKE ALL ON FUNCTION – Are there any privileges apart from EXECUTE?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox