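My goal is to allow only specific users to execute functions in a specific schema and to list the available functions by name, but not to view the functions' source code or list other schemas.
I can achieve the above, but without being able to list the available function names, by doing the following:
First, create a test user role: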
CREATE ROLE test_user WITH LOGIN PASSWORD 'secret';
Now revoke all privileges from PUBLIC on all schemas:
REVOKE ALL PRIVILEGES ON DATABASE test_db FROM PUBLIC;
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM PUBLIC;
REVOKE ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public FROM PUBLIC;
REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA function_schema FROM PUBLIC;
REVOKE ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA function_schema FROM …
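One way to audit what the role can actually do after REVOKE statements like those above, as an added example that is not part of the original post. It uses PostgreSQL's built-in privilege inquiry functions and assumes the names from the post (test_user, test_db, public, function_schema), run by a superuser connected to test_db:

```sql
-- Added audit example; role, database and schema names are those used in the post.

-- 1. Database- and schema-level access for test_user.
SELECT has_database_privilege('test_user', 'test_db', 'CONNECT')         AS can_connect,
       has_schema_privilege('test_user', 'public', 'USAGE')              AS public_usage,
       has_schema_privilege('test_user', 'public', 'CREATE')             AS public_create,
       has_schema_privilege('test_user', 'function_schema', 'USAGE')     AS fn_schema_usage;

-- 2. Per-function EXECUTE privilege in the two schemas the post touches.
--    Calling a function needs both USAGE on its schema and EXECUTE on the function.
SELECT n.nspname                                            AS schema_name,
       p.oid::regprocedure                                  AS function_signature,
       has_function_privilege('test_user', p.oid, 'EXECUTE') AS can_execute
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname IN ('public', 'function_schema')
ORDER BY schema_name, function_signature;

-- 3. Catalog visibility. The REVOKE statements shown in the post act on
--    test_db, public and function_schema, not on pg_catalog, so check
--    separately whether the role can read function bodies (pg_proc.prosrc)
--    and the schema list (pg_namespace).
SELECT has_column_privilege('test_user', 'pg_catalog.pg_proc', 'prosrc', 'SELECT') AS can_read_source,
       has_table_privilege('test_user', 'pg_catalog.pg_namespace', 'SELECT')        AS can_list_schemas;
```

Each query reports effective privileges, including those inherited through PUBLIC or role membership, so it shows the combined result of the revocations rather than individual grants.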