Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1twKox-00D0nm-7c
	for pgsql-general@arkaria.postgresql.org; Sun, 23 Mar 2025 12:52:55 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1twKnw-00FgGl-4Q
	for pgsql-general@arkaria.postgresql.org; Sun, 23 Mar 2025 12:51:52 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <cosimo.simeone@gmail.com>)
	id 1tvdgl-008soj-GS
	for pgsql-general@lists.postgresql.org; Fri, 21 Mar 2025 14:49:35 +0000
Received: from mail-io1-xd36.google.com ([2607:f8b0:4864:20::d36])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <cosimo.simeone@gmail.com>)
	id 1tvdgj-000Kds-2o
	for pgsql-general@lists.postgresql.org;
	Fri, 21 Mar 2025 14:49:34 +0000
Received: by mail-io1-xd36.google.com with SMTP id ca18e2360f4ac-85b40a5120eso50805439f.1
        for <pgsql-general@lists.postgresql.org>; Fri, 21 Mar 2025 07:49:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1742568573; x=1743173373; darn=lists.postgresql.org;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=nt6cm4eVslSi3rIWnqY4aa16q4XZxp+0z1NT/dt1bjM=;
        b=ZIPZNZLPvVim4uB/NOrr8WKCH3FHX0EmARflWaRzlzAnVQ6KJfuVU96vGGaYjD1IVS
         GhvNAwl132fwvw9LG8wRXWgF8Zta2u+VEYtTLUIY02pP7VWawREjH2SeguPeeK2dHzu8
         bnZdVgp3VRTjSUSEuL2Vu2TsEL9MWdhMv4+tz4UxDP+lehjZPYrcCk3JHBbjlbHtrLMT
         bunf23uKYLuofzDwo0gw+HY+QPQ6qB76ihyBe6/OlJFBR0r+OvRmsuH43pEUNo8iseo1
         uIc+n+DfAKc+F8xawB0fAIBDC2iKEfWTN0yANqhXRJiQ2I8S4u/VqLWHfXD9LCG4R7Kk
         hczA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1742568573; x=1743173373;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=nt6cm4eVslSi3rIWnqY4aa16q4XZxp+0z1NT/dt1bjM=;
        b=JgbPBKKdnXDFqKcVyMrauAES5nnWmgqOY+mQF6nectGFun8NNrmYCIGq32aA0i4pLR
         +7mXfu611CWhQ+L2Jpv2X/SY4xJ3S3DqyGAU0ZRBabkXOth3ErWlpbdhuU4+Kwl/k3oz
         3i8KH+kH6ai5AbRaQTl568i/ZSIkGhUYTy2cBwEUWMfk7OSI2k0MXrqXRgtPSwBayXei
         OspzE2DY9fS44Iht4WSaBMaYLo/6CUownbQDp9TgP2cq0hps5gpU5Q9wzvhE203xPWdD
         V60xQ7MHvJGZHaJ5+YHjH4vz9MyPVGgWlVHWNjmNGXZ8J1/1mEdoZDIkqsr3ejTqzJJd
         q97A==
X-Gm-Message-State: AOJu0Yw0UkyqylWM4gkLlZhDmA+/Q3BO6RsmeO8dW4I7BMk1usdIeXQD
	7yvyPo8bGASfzQvOeLdih8Po9jSeTJEr67ask61lhGAMrLSVS6OquP8xHRMzHEf6KNRVDloj8ez
	d3n6H7i14grcHguSdk4tT52PJ8NVzVSnG
X-Gm-Gg: ASbGncswwLMHLvyjTeWgqTOgz7U1QidnniKmqfY5dGuFRR0+C3s+BwKdaglnlz0QR+8
	5vUcoiS9YveJAX15TFYt5W+hfVvlttz/ZN6BZ2z6dZcGhU4N7eZwOmNOes/gQKZn9FBFYCHEzjH
	DPyqM5/jRlQQF1JUvWwXkvLLegZz6UWJsVedHgsKLZSBmk4rtQlg5t6eIFVL2oZEQaB/nSYA==
X-Google-Smtp-Source: AGHT+IH+XHUyx6lMU8uqDLTaYd63D86LMAPQ3FIXlM4FOkl7tW1hINU7SnQYIv4qVu7RtJHb524QSGCa+AislRWtSFs=
X-Received: by 2002:a05:6e02:3308:b0:3d0:10ec:cc36 with SMTP id
 e9e14a558f8ab-3d59610878emr37400065ab.11.1742568572664; Fri, 21 Mar 2025
 07:49:32 -0700 (PDT)
MIME-Version: 1.0
References: <CAD1W9HXMUZ6mjBVhNQJGqLQkMnyQAc28OAqvCEpZ_rOEH=eDfw@mail.gmail.com>
 <CAKFQuwZmk+xvU9WUyX7CudPW7A7M0Jz+nAS+PWZ1dvVpDPLzjA@mail.gmail.com>
In-Reply-To: <CAKFQuwZmk+xvU9WUyX7CudPW7A7M0Jz+nAS+PWZ1dvVpDPLzjA@mail.gmail.com>
From: Cosimo Simeone <cosimo.simeone@gmail.com>
Date: Fri, 21 Mar 2025 14:48:56 +0000
X-Gm-Features: AQ5f1JoLgCWtUmIxU3k6iRYSFNRT-bB_Spr__L_aUheuF_8vUQI0s0sQ4QpzBJc
Message-ID: <CAD1W9HUKn-u8HnfhVX8e7qib1pYssiuSHp+Lu=5iHzpGJUDMMg@mail.gmail.com>
Subject: Re: Need help understanding has_function_privilege
To: "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Content-Type: multipart/alternative; boundary="000000000000c542f50630db5c1f"
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAD1W9HUKn-u8HnfhVX8e7qib1pYssiuSHp%2BLu%3D5iHzpGJUDMMg%40mail.gmail.com>
Precedence: bulk

--000000000000c542f50630db5c1f
Content-Type: text/plain; charset="UTF-8"

Hi, and thanks (both of you!)
Shouldn't the
 create role my_user NOINHERIT;
avoid this? And since not, why? :-)



On Thu, 20 Mar 2025 at 15:07, David G. Johnston <david.g.johnston@gmail.com>
wrote:

> On Wednesday, March 19, 2025, Cosimo Simeone <cosimo.simeone@gmail.com>
> wrote:
>>
>>
>> true?
>> Well... Ok, "whatever"... I revoke it:
>> =# revoke execute on function my_schema.my_func(text) from my_user;
>> REVOKE
>>
>
> Roles can inherit privileges.  my_user is inheriting its execute privilege
> from PUBLIC.  You have to revoke a granted privilege.
>
> David J.
>
>

--000000000000c542f50630db5c1f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,he=
lvetica,sans-serif">Hi, and thanks (both of you!)</div><div class=3D"gmail_=
default" style=3D"font-family:arial,helvetica,sans-serif">Shouldn&#39;t the=
 <br></div><div class=3D"gmail_default" style=3D"font-family:arial,helvetic=
a,sans-serif">=C2=A0create role my_user NOINHERIT;</div><div class=3D"gmail=
_default" style=3D"font-family:arial,helvetica,sans-serif">avoid this? And =
since not, why? :-)</div><div class=3D"gmail_default" style=3D"font-family:=
arial,helvetica,sans-serif"><br></div><div class=3D"gmail_default" style=3D=
"font-family:arial,helvetica,sans-serif"><br></div></div><br><div class=3D"=
gmail_quote gmail_quote_container"><div dir=3D"ltr" class=3D"gmail_attr">On=
 Thu, 20 Mar 2025 at 15:07, David G. Johnston &lt;<a href=3D"mailto:david.g=
.johnston@gmail.com">david.g.johnston@gmail.com</a>&gt; wrote:<br></div><bl=
ockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-lef=
t:1px solid rgb(204,204,204);padding-left:1ex">On Wednesday, March 19, 2025=
, Cosimo Simeone &lt;<a href=3D"mailto:cosimo.simeone@gmail.com" target=3D"=
_blank">cosimo.simeone@gmail.com</a>&gt; wrote:<blockquote class=3D"gmail_q=
uote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,2=
04);padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_default" style=
=3D"font-family:arial,helvetica,sans-serif"><div><br></div><div><div style=
=3D"font-family:arial,helvetica,sans-serif" class=3D"gmail_default">true?</=
div><div style=3D"font-family:arial,helvetica,sans-serif" class=3D"gmail_de=
fault">Well... Ok, &quot;whatever&quot;... I revoke it:</div><div style=3D"=
font-family:arial,helvetica,sans-serif" class=3D"gmail_default">=3D# revoke=
 execute on function my_schema.my_func(text) from my_user;<br>REVOKE</div><=
/div></div></div></blockquote><div><br></div><div>Roles can inherit privile=
ges. =C2=A0my_user is inheriting its execute privilege from PUBLIC.=C2=A0 Y=
ou have to revoke a granted privilege.</div><div><br></div><div>David J.</d=
iv><div>=C2=A0</div>
</blockquote></div>

--000000000000c542f50630db5c1f--