Open kkrasnov1 opened 6 months ago
Hi @kkrasnov1 , thanks for reaching. Can you share a sample procedure object, with ACL and owner ? Use \df+
for example.
CREATE SCHEMA ldap2pg_test AUTHORIZATION xxx;
create or replace procedure ldap2pg_test.proc1()
language plpgsql
as $$
begin
commit;
end;$$;;
xxx=# \df+ ldap2pg_test.proc1
List of functions
-[ RECORD 1 ]-------+-------------
Schema | ldap2pg_test
Name | proc1
Result data type |
Argument data types |
Type | proc
Volatility | volatile
Parallel | unsafe
Owner | postgres
Security | invoker
Access privileges |
Language | plpgsql
Source code | +
| begin +
| +
| commit; +
| end;
Description |
GE Revoke privilege. grant="EXECUTE ON ALL FUNCTIONS IN SCHEMA xxx.ldap2pg_test TO public" database=xxx
GE Grant privilege. grant="EXECUTE ON ALL FUNCTIONS IN SCHEMA xxx.ldap2pg_test TO db_pg_test_xxx_datawriter" database=xxx
GE Grant privilege. grant="EXECUTE ON ALL FUNCTIONS IN SCHEMA xxx.ldap2pg_test TO db_pg_test_xxx_owner" database=xxx
GE Grant privilege. grant="EXECUTE ON ALL FUNCTIONS IN SCHEMA xxx.ldap2pg_test TO db_pg_test_xxx_owner" database=xxx
Hi @bersace, Is it possible to grant privileges to stored procedures?
Hi @bersace, Is it possible to grant privileges to stored procedures?
You can manage EXECUTE on all functions with __execute_on_functions__
privilege.
See https://ldap2pg.readthedocs.io/en/latest/builtins/#execute-on-functions
Hi @bersace, Is it possible to grant privileges to stored procedures?
You can manage only privileges per schema. No finer granularity.
Hi @bersace, Is it possible to grant privileges to stored procedures?
You can manage EXECUTE on all functions with
__execute_on_functions__
privilege. See https://ldap2pg.readthedocs.io/en/latest/builtins/#execute-on-functions
Thank you. It works correctly.
@bersace, every time I start, I get a message CHANGE Revoke privilege. grant="EXECUTE ON ALL FUNCTIONS IN SCHEMA userdb.ldap2pg_test TO myuser" database=userdb
Am I doing something wrong or is it a bug in ldap2pg?
ldap2pg.yml
Expectations
Hi,
We use procedures in PostgreSQL and builtin priviledge execute_on_functions. If there are procedures, ldap2pg constantly tries to grant privileges to all functions, but cannot.
If privileges for procedures are granted manually, then ldap2pg no longer tries to grant privileges for all functions.
ldap2pg probably correctly determines that there are not enough privileges for procedures, but tries to issue them for functions.
Verbose output of ldap2pg execution