Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sPpQY-006WxO-67
	for pgsql-general@arkaria.postgresql.org; Fri, 05 Jul 2024 20:21:06 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sPpPW-00DruZ-PT
	for pgsql-general@arkaria.postgresql.org; Fri, 05 Jul 2024 20:20:03 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1sPpPW-00DruQ-Ea
	for pgsql-general@lists.postgresql.org; Fri, 05 Jul 2024 20:20:03 +0000
Received: from sss.pgh.pa.us ([68.162.161.243])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1sPpPU-000brL-SX
	for pgsql-general@lists.postgresql.org; Fri, 05 Jul 2024 20:20:02 +0000
Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1])
	by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 465KJwtQ338714;
	Fri, 5 Jul 2024 16:19:58 -0400
From: Tom Lane <tgl@sss.pgh.pa.us>
To: "Tefft, Michael J" <Michael.J.Tefft@snapon.com>
cc: "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Subject: Re: Removing the default grant of EXECUTE on functions/procedures to PUBLIC
In-reply-to: <BN8PR04MB6289726F36244ED95C4FD3F3D0DF2@BN8PR04MB6289.namprd04.prod.outlook.com>
References: <BN8PR04MB6289E694A40BE7DF913754A1D0DF2@BN8PR04MB6289.namprd04.prod.outlook.com> <201663.1720191061@sss.pgh.pa.us> <BN8PR04MB6289DE86BD158D8785B302C5D0DF2@BN8PR04MB6289.namprd04.prod.outlook.com> <326041.1720203728@sss.pgh.pa.us> <BN8PR04MB6289726F36244ED95C4FD3F3D0DF2@BN8PR04MB6289.namprd04.prod.outlook.com>
Comments: In-reply-to "Tefft, Michael J" <Michael.J.Tefft@snapon.com>
	message dated "Fri, 05 Jul 2024 18:42:54 -0000"
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <338712.1720210798.1@sss.pgh.pa.us>
Content-Transfer-Encoding: quoted-printable
Date: Fri, 05 Jul 2024 16:19:58 -0400
Message-ID: <338713.1720210798@sss.pgh.pa.us>
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/338713.1720210798%40sss.pgh.pa.us>
Precedence: bulk

"Tefft, Michael J" <Michael.J.Tefft@snapon.com> writes:
> I apologize, that was sloppy.
> I was using the acldefault() function with pg_roles, like this:
> =3D> select rolname,  acldefault('f',oid) from pg_roles where rolname li=
ke 'mjt%' order by 1;

Ah, yeah, that always shows the *built in* default privileges for a
given object kind and owner.  If there's a relevant entry in
pg_default_acl, it overrides the built-in default during object
creation.

			regards, tom lane