Bryn Llewellyn <bryn@yugabyte.com> writes:
> I just confirmed that, if it suits me, I can revoke "execute" from "public" on all overloads of the humble length()
function.Maybe I should refer to it as "pg_catalog.length()" to emphasize another point that had escaped me.
Yup. For even more fun, try revoking privileges on a function that
underlies an operator.
regression=# revoke execute on function int4pl from public;
REVOKE
regression=# select 2+2; -- still works, for a superuser
?column?
----------
4
(1 row)
regression=# create user joe;
CREATE ROLE
regression=# \c - joe
You are now connected to database "regression" as user "joe".
regression=> select 2+2; -- not so much for anybody else
ERROR: permission denied for function int4pl
regards, tom lane