Re: Clarification on View Privileges and Operator Execution in PostgreSQL

public inbox for [email protected]  
help / color / mirror / Atom feed

Re: Clarification on View Privileges and Operator Execution in PostgreSQL
2+ messages / 2 participants
[nested] [flat]

* Re: Clarification on View Privileges and Operator Execution in PostgreSQL
@ 2024-04-07 17:01 David G. Johnston <[email protected]>
  2024-04-07 18:02 ` Re: Clarification on View Privileges and Operator Execution in PostgreSQL Ayush Vatsa <[email protected]>
  0 siblings, 1 reply; 2+ messages in thread

From: David G. Johnston @ 2024-04-07 17:01 UTC (permalink / raw)
  To: Ayush Vatsa <[email protected]>; +Cc: [email protected]

On Sun, Apr 7, 2024 at 9:32 AM Ayush Vatsa <[email protected]> wrote:

>  but who will execute the
> > underlying function inside the ( > ) operator ? Is it postgres or alex?
>
>>
I'm reasonably confident that all the built-in functions are security
invoker.  Not that a pure function like greater-than really cares.

David J.

^ permalink  raw  reply  [nested|flat] 2+ messages in thread

* Re: Clarification on View Privileges and Operator Execution in PostgreSQL
  2024-04-07 17:01 Re: Clarification on View Privileges and Operator Execution in PostgreSQL David G. Johnston <[email protected]>
@ 2024-04-07 18:02 ` Ayush Vatsa <[email protected]>
  0 siblings, 0 replies; 2+ messages in thread

From: Ayush Vatsa @ 2024-04-07 18:02 UTC (permalink / raw)
  To: David G. Johnston <[email protected]>; +Cc: [email protected]

> If you want to confirm what the documentation says create a custom
operator/function that alex is not permitted to execute and have them query
a view defined by postgres that uses that function.
Thanks for the suggestion, it helped and I found out alex could not execute
the view as it didn't have privileges for the function associated with
operator

But a small doubt arises here I have to revoke the execution of the
function using the command
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public from public;
but when I tried
REVOKE EXECUTE ON FUNCTION text_equals(text,text) FROM alex;
or
REVOKE ALL ON FUNCTION text_equals(text,text) FROM alex;
It didn't work i.e alex can still execute text_equals function. Why is it
so?

Thanks
Ayush Vatsa
SDE AWS

On Sun, 7 Apr 2024 at 22:31, David G. Johnston <[email protected]>
wrote:

> On Sun, Apr 7, 2024 at 9:32 AM Ayush Vatsa <[email protected]>
> wrote:
>
>>  but who will execute the
>> > underlying function inside the ( > ) operator ? Is it postgres or alex?
>>
>>>
> I'm reasonably confident that all the built-in functions are security
> invoker.  Not that a pure function like greater-than really cares.
>
> David J.
>
>

^ permalink  raw  reply  [nested|flat] 2+ messages in thread

end of thread, other threads:[~2024-04-07 18:02 UTC | newest]

Thread overview: 2+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2024-04-07 17:01 Re: Clarification on View Privileges and Operator Execution in PostgreSQL David G. Johnston <[email protected]>
2024-04-07 18:02 ` Ayush Vatsa <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox