Right now in postgres it is impossible to hide stored procedure source code from non-privileged users...namely the prosrc column of the pg_proc table. For those of you in a hurry skip to the summary at the end :-).
From my point of view (not sure if others would agree), it would be nice to suppress being able to see stored procedure source code by any means (select * from pg_proc, \df, etc) if the user does not have execute permission on the function. If Matthias's proposed enhancements to grant/revoke make it in, so much the better. I tried various tricky ways to do this... REVOKEing public access to pg_proc (and reGRANTing to specific users) actually works, but also prevents those users from using various client tools, such as pg_dump and pgAdmin, because those tools depend on system SPs for various things. Created a pg_proc view in the public schema and arranged search path so that this comes up first. Interestingly, pgAdmin was still able to render SQL definitions from functions even though it does not explicitly prefix catalog access with pg_catalog. Anyways, what I would like to see is pg_proc be implemented as a view over the real procedure table, which is only available to superusers (currently pg_proc is readable to public and writable from superusers). The view definition provides a convention place to CASE prosrc to NULL, or <access denied> or some such. Ok. In summary, here's what I'm looking for: 1. Am I totally off my rocker for suggesting users without 'execute' priv. should not be able to view procedure source. 2. If not, is it unreasonably intrusive to split pg_proc into a hidden system catalog + a public view. 3. If not, is there any chance that a patch basically doing the above would get accepted? :) Merlin ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]