<pre>>I have a number of users each of which has their<br>>own schema. I don't want the users to be able<br>>to enable/disable the geospatialness of anyone<br>>else's columns. What's the right way to<br>
>secure postgis so as to prevent this? It seems<br>>that a single, global, geometry_columns is the<br>>problem.<br><br>I guess a solution could be this:<br><br>you set the geometry_column to read-only for all user except "postgres" user.<br>
<br>After you can create a schema for every user must add table using only its schema (its username).<br><br>After you create two security definer function with owner "postgres" that add and remove a row (a table) from geometry_column.<br>
and this two function has all the parameters needed for add a table to geometry_column.<br><br>The function before add to geometry_columns retrieve the "session-user" and check if that is the same of the <br>schema-parameter.<br>
If equal -> ok add<br>if not-equel-> "error: you are not allowable to add a table to schema"<br><br>Pay attention you must use "session-user" not "current-user" to check.<br><br>regards,<br>
<br clear="all"></pre>-- <br>-----------------<br>Andrea Peri<br>. . . . . . . . . <br>qwerty אטלעש<br>-----------------<br><br>