Hi!
Ive encountered an issue after updating ldap2pg from ver. 6.4 to 6.5.1 where EXECUTE privileges on functions (and routines as well) are re-applied on every run, even though they are already granted.
CHANGE Grant privileges. grant="GLOBAL DEFAULT FOR user EXECUTE ON FUNCTIONS TO ldap_group_1" database=test
As it seems in DEBUG it detects that the privilege is granted:
DEBUG Found grant in Postgres instance. grant="GLOBAL DEFAULT FOR user EXECUTE ON FUNCTIONS TO ldap_group_1" database=test
But anyway it tries to grant it:
DEBUG Wants grant. grant="GLOBAL DEFAULT FOR user EXECUTE ON FUNCTIONS TO ldap_group_1" database=test
I noticed a possible inconsistency in how function/routine default privileges are represented:
internal/privileges/sql/global-default.sql
...
CASE defaclobjtype
WHEN 'f' THEN 'FUNCTIONS'
...
internal/privileges/sql/schema-default.sql
...
CASE defaclobjtype
WHEN 'f' THEN 'ROUTINES'
...
(As its mentioned in https://www.postgresql.org/docs/16/catalog-pg-default-acl.htm defaclobjtype char "f" states for function)
At first I thought this could be caused by FUNCTIONS vs ROUTINES, but changing functions to routines in the config does not change the behavior.
Hi!
Ive encountered an issue after updating ldap2pg from ver. 6.4 to 6.5.1 where EXECUTE privileges on functions (and routines as well) are re-applied on every run, even though they are already granted.
As it seems in DEBUG it detects that the privilege is granted:
But anyway it tries to grant it:
I noticed a possible inconsistency in how function/routine default privileges are represented:
internal/privileges/sql/global-default.sql
internal/privileges/sql/schema-default.sql
(As its mentioned in https://www.postgresql.org/docs/16/catalog-pg-default-acl.htm defaclobjtype char "f" states for function)
At first I thought this could be caused by FUNCTIONS vs ROUTINES, but changing functions to routines in the config does not change the behavior.