Skip to content

Commit 8a09e5b

Browse files
digest: revoke build_notification_digests EXECUTE from anon/authenticated (final review)
1 parent 826c713 commit 8a09e5b

1 file changed

Lines changed: 6 additions & 1 deletion

File tree

sql/patches/notification-digest-mode.sql

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -535,7 +535,12 @@ BEGIN
535535
END;
536536
$function$;
537537

538-
-- No GRANT on build_notification_digests: it is cron-only, not callable by anon/authenticated.
538+
-- Cron-only: revoke EXECUTE so anon/authenticated cannot POST
539+
-- /rest/v1/rpc/build_notification_digests to force early/partial roll-ups.
540+
-- Supabase grants EXECUTE on new public functions to anon/authenticated directly
541+
-- (via default privileges) AND to PUBLIC, so revoke from all three. The cron job
542+
-- runs as the owner (postgres), which retains access; service_role too.
543+
REVOKE EXECUTE ON FUNCTION public.build_notification_digests() FROM anon, authenticated, PUBLIC;
539544

540545
-- Schedule daily at 09:00 UTC (idempotent re-schedule).
541546
SELECT cron.unschedule('notification-digest-daily')

0 commit comments

Comments
 (0)