function permissions question

Поиск
Список
Период
Сортировка
От Greg Steffensen
Тема function permissions question
Дата
Msg-id 438a23610712082121t7827e47fqcecdce1e9334e202@mail.gmail.com
обсуждение исходный текст
Ответы Re: function permissions question  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-general
Дерево обсуждения 
Hey, I'm slightly confused about how the permission checking is done
when executing functions.  Basically, users that I've never granted
execution permissions to are able to execute functions.  Basically,
why does this script (which I've tested on a fresh db, executing via
psql as a superuser) succeed:

--------------
CREATE SCHEMA testschema;

CREATE FUNCTION testschema.testfunc()
  RETURNS character varying AS
$BODY$SELECT 'foobar'::varchar;$BODY$
  LANGUAGE 'sql' VOLATILE;

CREATE USER testuser;

GRANT USAGE ON SCHEMA testschema TO testuser;

SET SESSION AUTHORIZATION testuser;

SELECT testschema.testfunc();
------------------

But permission checking works the way I thought it was supposed to
when dealing with tables, like when I execute this instead, and get a
permissions failure:

-----------------
CREATE SCHEMA testschema;

CREATE TABLE testschema.testtable (testcolumn VARCHAR);

CREATE USER testuser;

GRANT USAGE ON SCHEMA testschema TO testuser;

SET SESSION AUTHORIZATION testuser;

SELECT * FROM testschema.testtable;
----------------

Any help is greatly appreciated.  Thanks,

Greg

В списке pgsql-general по дате отправления:

Предыдущее
От: Efraín López
Дата:
Сообщение: Re: libpq messages language
Следующее
От: Tom Lane
Дата:
Сообщение: Re: function permissions question