On Sun, Apr 7, 2024 at 11:02 AM Ayush Vatsa <ayushvatsa1...@gmail.com> wrote:
> > If you want to confirm what the documentation says create a custom > operator/function that alex is not permitted to execute and have them query > a view defined by postgres that uses that function. > Thanks for the suggestion, it helped and I found out alex could not > execute the view as it didn't have privileges for the function associated > with operator > > But a small doubt arises here I have to revoke the execution of the > function using the command > REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public from public; > but when I tried > REVOKE EXECUTE ON FUNCTION text_equals(text,text) FROM alex; > or > REVOKE ALL ON FUNCTION text_equals(text,text) FROM alex; > It didn't work i.e alex can still execute text_equals function. Why is it > so? > >> >> See https://www.postgresql.org/docs/current/ddl-priv.html Especially the part regarding default privileges. The PUBLIC pseudo-role is granted execute on functions by default. You are probably trying to revoke a privilege from alex that was never granted to alex directly. David J.
