Обсуждение: Separating function privileges from tables

Поиск
Список
Период
Сортировка

Separating function privileges from tables

От
Barry Brown
Дата:
Hi all,

It's nice that privileges on views are separate from the privileges
on its underlying tables. For example, if view V queries tables A and
B, I only need to grant SELECT on the view to another user; tables A
and B can have that privilege revoked and the view works.

Are there plans to extend similar behavior to functions? That is, can
I simply grant EXECUTE on the function and not have to worry about
granting the appropriate privileges to the tables used by the function?

Thanks.

-B

Re: Separating function privileges from tables

От
Tom Lane
Дата:
Barry Brown <barry@cs.sierracollege.edu> writes:
> It's nice that privileges on views are separate from the privileges
> on its underlying tables. For example, if view V queries tables A and
> B, I only need to grant SELECT on the view to another user; tables A
> and B can have that privilege revoked and the view works.

> Are there plans to extend similar behavior to functions? That is, can
> I simply grant EXECUTE on the function and not have to worry about
> granting the appropriate privileges to the tables used by the function?

I think you are looking for SECURITY DEFINER function option.

            regards, tom lane