On Sat, Feb 28, 2015 at 12:27 AM, Stephen Frost <sfr...@snowman.net> wrote: > While this generally "works", the usual expectation is that functions > that should be superuser-only have a check in the function rather than > depending on the execute privilege. I'm certainly happy to debate the > merits of that approach, but for the purposes of this patch, I'd suggest > you stick an if (!superuser()) ereport("must be superuser") into the > function itself and not work about setting the correct permissions on > it.
-1. If that policy exists at all, it's a BAD policy, because it prevents users from changing the permissions using DDL. I think the superuser check should be inside the function, when, for example, it masks some of the output data depending on the user's permissions. But I see little virtue in handicapping an attempt by a superuser to grant SELECT rights on pg_file_settings. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers