Re: Need help understanding has_function

public inbox for [email protected]  
help / color / mirror / Atom feed

Re: Need help understanding has_function_privilege
2+ messages / 2 participants
[nested] [flat]

* Re: Need help understanding has_function_privilege
@ 2025-03-21 14:48  Cosimo Simeone <[email protected]>
  0 siblings, 1 reply; 2+ messages in thread

From: Cosimo Simeone @ 2025-03-21 14:48 UTC (permalink / raw)
  To: [email protected] <[email protected]>

Hi, and thanks (both of you!)
Shouldn't the
 create role my_user NOINHERIT;
avoid this? And since not, why? :-)



On Thu, 20 Mar 2025 at 15:07, David G. Johnston <[email protected]>
wrote:

> On Wednesday, March 19, 2025, Cosimo Simeone <[email protected]>
> wrote:
>>
>>
>> true?
>> Well... Ok, "whatever"... I revoke it:
>> =# revoke execute on function my_schema.my_func(text) from my_user;
>> REVOKE
>>
>
> Roles can inherit privileges.  my_user is inheriting its execute privilege
> from PUBLIC.  You have to revoke a granted privilege.
>
> David J.
>
>


^ permalink  raw  reply  [nested|flat] 2+ messages in thread

* Re: Need help understanding has_function_privilege
@ 2025-03-23 14:50  David G. Johnston <[email protected]>
  parent: Cosimo Simeone <[email protected]>
  0 siblings, 0 replies; 2+ messages in thread

From: David G. Johnston @ 2025-03-23 14:50 UTC (permalink / raw)
  To: Cosimo Simeone <[email protected]>; +Cc: [email protected] <[email protected]>

On Friday, March 21, 2025, Cosimo Simeone <[email protected]> wrote:

> Hi, and thanks (both of you!)
> Shouldn't the
>  create role my_user NOINHERIT;
> avoid this? And since not, why? :-)
>
>
We might need to improve documentation surrounding the public pseudo-role a
bit.  Since it’s not a true group role I suspect inherit/noinherit doesn’t
apply. (You also cannot SET to it, nor admin it - not tested.) Losing the
execute privilege on every built-in function would be way too annoying.

David J.

^ permalink  raw  reply  [nested|flat] 2+ messages in thread

end of thread, other threads:[~2025-03-23 14:50 UTC | newest]

Thread overview: 2+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2025-03-21 14:48 Re: Need help understanding has_function_privilege Cosimo Simeone <[email protected]>
2025-03-23 14:50 ` David G. Johnston <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox