Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1twMeg-00DLgM-Un for pgsql-general@arkaria.postgresql.org; Sun, 23 Mar 2025 14:50:26 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1twMee-00HNPU-QK for pgsql-general@arkaria.postgresql.org; Sun, 23 Mar 2025 14:50:24 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1twMee-00HNPM-D0 for pgsql-general@lists.postgresql.org; Sun, 23 Mar 2025 14:50:24 +0000 Received: from mail-oa1-x2b.google.com ([2001:4860:4864:20::2b]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1twMec-000glc-2x for pgsql-general@lists.postgresql.org; Sun, 23 Mar 2025 14:50:23 +0000 Received: by mail-oa1-x2b.google.com with SMTP id 586e51a60fabf-2c7b2c14455so448941fac.2 for ; Sun, 23 Mar 2025 07:50:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742741422; x=1743346222; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Cd0ndan9zmEQ4Vw8k3jAwJ8fa7kLVXUBojU9MueWSFw=; b=ee4nER8NNzQ+ZMjTJCWNIlSnwnssy+XLFpYLMw2ga/YmknlOH1GXgr8DlGtJ24yvHw fzSYO3kxlIsZRB57PtXKxrK5ImCY9lESOIg2r9JOxptTPaxet9cD7gPuVuSC6v2KxlTo 5YrxMA/+CvZA5XQrD28P1/A8+9umCgTk6TT0d2AMITx4gDwfY97GPt0geyEFs/G9Pmz8 8Ow1XjTz79fh6a56SB63a83YdOUzQeQwh0m52nWBTL69Fh3+XhPZW7MKfo1rcSXdl4yB JUojo898eDEUCMYiOYgg/jks2VCfTX2asiYhX6yVdiTnIuI3j/Qo9nt2Y0qaugDQ2sIx GbMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742741422; x=1743346222; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Cd0ndan9zmEQ4Vw8k3jAwJ8fa7kLVXUBojU9MueWSFw=; b=U4kG5lYvOwzdisu6xV0HvDt1R0TGKaPy6I9TEE6v/7APoORgbwrmWi6d5LtdERVDo0 cPVk1bceREJ4yYVYCiCRYq7BezqG2z4Jf5/5P0bvaDqspaL9Ts6V1TFigkZNfasnmqha w7fMCCZxJU9Ybco0JN+HikOiPzljfagff0r750kCTXAJQFDqvxS7oBGawohwPWyWQ5Z/ taed3JRoM4tf0NKAeRo6V/G1pDQWh4eVafuBxS0cTZKCst5VRQ0duczs37yUlGmRqs3s 43svv32n/KiKuQ7of30DOlqwL1rQf+dnLtt0ofy46OAvQjsM4x4+HFKuSpEtELEJG3IF jgxw== X-Gm-Message-State: AOJu0Yx+hRJWnMJOSDkLvqg4DZfHLqdFAS1R/FHqYXUS1OfrxIHk+X4A T3ymJzin09APzxUpRlWlpXNXgp//0UHJVqlLCl9C5PwuaFzLysOLG0UG0rzloQxs2K+Cz6I+Wzn 67ehR/O0j5spxRgZ723Xq7E1/yLA= X-Gm-Gg: ASbGncva4HENSb5uBHsVcCzEAhLeCDMOC9uCpqOvnjKqfibzkDiCWdfOMruDxFVwlIt wlDYo4AG4UP4hQa/+uLVQ1EYIK86h8jFH3aso5PUHvFH3Se7PgiGm+s0j3+lKoB/OqL3Ep6IY2N JmbfBYSIK0jQe9E0EGQrA8MVW6 X-Google-Smtp-Source: AGHT+IEuCrwJOoIeHgdVLylgqPgb/63Jjkfo8D3cjJv6OImy1t+91iBdeLLEhATHhTxka2Q/yBNQQPZ87b+XlXTjMHQ= X-Received: by 2002:a05:6871:6a0:b0:2b8:69:6016 with SMTP id 586e51a60fabf-2c7804c84b5mr6722208fac.28.1742741422023; Sun, 23 Mar 2025 07:50:22 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a8a:349:0:b0:589:13f9:e937 with HTTP; Sun, 23 Mar 2025 07:50:21 -0700 (PDT) In-Reply-To: References: From: "David G. Johnston" Date: Sun, 23 Mar 2025 07:50:21 -0700 X-Gm-Features: AQ5f1Jqv_uSk__QTzR9x2qpC_VyYT9IVZpTV0oFm0PElyIUh-NBH7DCM-eieICc Message-ID: Subject: Re: Need help understanding has_function_privilege To: Cosimo Simeone Cc: "pgsql-general@lists.postgresql.org" Content-Type: multipart/alternative; boundary="000000000000652ace0631039bdd" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000652ace0631039bdd Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Friday, March 21, 2025, Cosimo Simeone wrote: > Hi, and thanks (both of you!) > Shouldn't the > create role my_user NOINHERIT; > avoid this? And since not, why? :-) > > We might need to improve documentation surrounding the public pseudo-role a bit. Since it=E2=80=99s not a true group role I suspect inherit/noinherit = doesn=E2=80=99t apply. (You also cannot SET to it, nor admin it - not tested.) Losing the execute privilege on every built-in function would be way too annoying. David J. --000000000000652ace0631039bdd Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Friday, March 21, 2025, Cosimo Simeone <cosimo.simeone@gmail.com> wrote:
Hi, and thanks (both of you!)
Sho= uldn't the
=C2=A0create role my_user NOINHERIT;
av= oid this? And since not, why? :-)


We might need to improve documentation surrounding the pu= blic pseudo-role a bit.=C2=A0 Since it=E2=80=99s not a true group role I su= spect inherit/noinherit doesn=E2=80=99t apply. (You also cannot SET to it, = nor admin it - not tested.) Losing the execute privilege on every built-in = function would be way too annoying.

David J.
=

--000000000000652ace0631039bdd--