Supabase•8h ago

Dont grant permissions to run functions by default

I dont want anyone to be able to run a function by default. I want to manually grant it, since its security sensitive and that should be explicit. So in the beginning of my migrations I have:

alter default privileges in schema api
revoke all on functions
from
    public,
    authenticated,
    anon,
    service_role;

alter default privileges in schema api
revoke all on functions
from
    public,
    authenticated,
    anon,
    service_role;

But when i try to run the function it still works. unless I explicitly revoke the permissions after creation (I dont want this) with:

revoke
execute on all functions in schema api
from
    public,
    authenticated,
    anon,
    service_role;

revoke
execute on all functions in schema api
from
    public,
    authenticated,
    anon,
    service_role;

2 Replies

IdrisOP•7h ago

The proacl is null of newly created functions while I would expect it to be just postgres

garyaustin•6h ago

Check how they are enabled for future functions/routines in the recommended schema settings (if you used those). https://supabase.com/docs/guides/api/using-custom-schemas Otherwise a new schema should not have grants at all to other roles than postgres.

Gaming

Programming

Dont grant permissions to run functions by default

Did you find this page helpful?