Dont grant permissions to run functions by default

I dont want anyone to be able to run a function by default. I want to manually grant it, since its security sensitive and that should be explicit.

So in the beginning of my migrations I have:

alter default privileges in schema api
revoke all on functions
from
    public,
    authenticated,
    anon,
    service_role;

alter default privileges in schema api
revoke all on functions
from
    public,
    authenticated,
    anon,
    service_role;

But when i try to run the function it still works. unless I explicitly revoke the permissions after creation (I dont want this) with:

revoke
execute on all functions in schema api
from
    public,
    authenticated,
    anon,
    service_role;

revoke
execute on all functions in schema api
from
    public,
    authenticated,
    anon,
    service_role;

Supabase•4mo ago•

100 replies

Idris

Dont grant permissions to run functions by default

I dont want anyone to be able to run a function by default. I want to manually grant it, since its security sensitive and that should be explicit.

So in the beginning of my migrations I have:

alter default privileges in schema api
revoke all on functions
from
    public,
    authenticated,
    anon,
    service_role;

alter default privileges in schema api
revoke all on functions
from
    public,
    authenticated,
    anon,
    service_role;

But when i try to run the function it still works. unless I explicitly revoke the permissions after creation (I dont want this) with:

revoke
execute on all functions in schema api
from
    public,
    authenticated,
    anon,
    service_role;

revoke
execute on all functions in schema api
from
    public,
    authenticated,
    anon,
    service_role;

Dont grant permissions to run functions by default

Similar Threads

Dont grant permissions to run functions by default

Similar Threads

Similar Threads

Similar Threads