<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
h1
{mso-style-priority:9;
mso-style-link:"\00DCberschrift 1 Zchn";
margin-top:12.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
page-break-after:avoid;
font-size:16.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
h2
{mso-style-priority:9;
mso-style-link:"\00DCberschrift 2 Zchn";
margin-top:12.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
page-break-after:avoid;
font-size:14.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
h3
{mso-style-priority:9;
mso-style-link:"\00DCberschrift 3 Zchn";
margin-top:12.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
page-break-after:avoid;
font-size:12.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
h4
{mso-style-priority:9;
mso-style-link:"\00DCberschrift 4 Zchn";
margin-top:12.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
page-break-after:avoid;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
h5
{mso-style-priority:9;
mso-style-link:"\00DCberschrift 5 Zchn";
margin-top:12.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
page-break-after:avoid;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.MsoHeader, li.MsoHeader, div.MsoHeader
{mso-style-priority:99;
mso-style-link:"Kopfzeile Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.MsoFooter, li.MsoFooter, div.MsoFooter
{mso-style-priority:99;
mso-style-link:"Fu\00DFzeile Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.MsoListBullet, li.MsoListBullet, div.MsoListBullet
{mso-style-priority:99;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-18.0pt;
mso-list:l2 level1 lfo6;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.MsoListBulletCxSpFirst, li.MsoListBulletCxSpFirst, div.MsoListBulletCxSpFirst
{mso-style-priority:99;
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-18.0pt;
mso-list:l2 level1 lfo6;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.MsoListBulletCxSpMiddle, li.MsoListBulletCxSpMiddle, div.MsoListBulletCxSpMiddle
{mso-style-priority:99;
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-18.0pt;
mso-list:l2 level1 lfo6;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.MsoListBulletCxSpLast, li.MsoListBulletCxSpLast, div.MsoListBulletCxSpLast
{mso-style-priority:99;
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-18.0pt;
mso-list:l2 level1 lfo6;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.MsoListNumber, li.MsoListNumber, div.MsoListNumber
{mso-style-priority:99;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:18.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-18.0pt;
mso-list:l0 level1 lfo8;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.MsoListNumberCxSpFirst, li.MsoListNumberCxSpFirst, div.MsoListNumberCxSpFirst
{mso-style-priority:99;
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:18.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-18.0pt;
mso-list:l0 level1 lfo8;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.MsoListNumberCxSpMiddle, li.MsoListNumberCxSpMiddle, div.MsoListNumberCxSpMiddle
{mso-style-priority:99;
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:18.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-18.0pt;
mso-list:l0 level1 lfo8;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.MsoListNumberCxSpLast, li.MsoListNumberCxSpLast, div.MsoListNumberCxSpLast
{mso-style-priority:99;
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:18.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
text-indent:-18.0pt;
mso-list:l0 level1 lfo8;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.MsoTitle, li.MsoTitle, div.MsoTitle
{mso-style-priority:10;
mso-style-link:"Titel Zchn";
margin-top:24.0pt;
margin-right:0cm;
margin-bottom:12.0pt;
margin-left:0cm;
mso-add-space:auto;
font-size:20.0pt;
font-family:"Arial",sans-serif;
letter-spacing:.25pt;
mso-fareast-language:EN-US;
font-weight:bold;}
p.MsoTitleCxSpFirst, li.MsoTitleCxSpFirst, div.MsoTitleCxSpFirst
{mso-style-priority:10;
mso-style-link:"Titel Zchn";
mso-style-type:export-only;
margin-top:24.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:20.0pt;
font-family:"Arial",sans-serif;
letter-spacing:.25pt;
mso-fareast-language:EN-US;
font-weight:bold;}
p.MsoTitleCxSpMiddle, li.MsoTitleCxSpMiddle, div.MsoTitleCxSpMiddle
{mso-style-priority:10;
mso-style-link:"Titel Zchn";
mso-style-type:export-only;
margin:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:20.0pt;
font-family:"Arial",sans-serif;
letter-spacing:.25pt;
mso-fareast-language:EN-US;
font-weight:bold;}
p.MsoTitleCxSpLast, li.MsoTitleCxSpLast, div.MsoTitleCxSpLast
{mso-style-priority:10;
mso-style-link:"Titel Zchn";
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:12.0pt;
margin-left:0cm;
mso-add-space:auto;
font-size:20.0pt;
font-family:"Arial",sans-serif;
letter-spacing:.25pt;
mso-fareast-language:EN-US;
font-weight:bold;}
p.MsoSubtitle, li.MsoSubtitle, div.MsoSubtitle
{mso-style-priority:11;
mso-style-link:"Untertitel Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Arial",sans-serif;
letter-spacing:.75pt;
mso-fareast-language:EN-US;
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:1;
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
p.Standard85, li.Standard85, div.Standard85
{mso-style-name:"Standard 8\.5";
mso-style-link:"Standard 8\.5 Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.5pt;
font-family:"Arial",sans-serif;
mso-fareast-language:EN-US;}
span.Standard85Zchn
{mso-style-name:"Standard 8\.5 Zchn";
mso-style-link:"Standard 8\.5";
font-family:"Arial",sans-serif;}
span.berschrift1Zchn
{mso-style-name:"\00DCberschrift 1 Zchn";
mso-style-priority:9;
mso-style-link:"\00DCberschrift 1";
font-family:"Arial",sans-serif;
font-weight:bold;}
span.berschrift2Zchn
{mso-style-name:"\00DCberschrift 2 Zchn";
mso-style-priority:9;
mso-style-link:"\00DCberschrift 2";
font-family:"Arial",sans-serif;
font-weight:bold;}
span.berschrift3Zchn
{mso-style-name:"\00DCberschrift 3 Zchn";
mso-style-priority:9;
mso-style-link:"\00DCberschrift 3";
font-family:"Arial",sans-serif;
font-weight:bold;}
span.berschrift4Zchn
{mso-style-name:"\00DCberschrift 4 Zchn";
mso-style-priority:9;
mso-style-link:"\00DCberschrift 4";
font-family:"Arial",sans-serif;
font-weight:bold;}
span.berschrift5Zchn
{mso-style-name:"\00DCberschrift 5 Zchn";
mso-style-priority:9;
mso-style-link:"\00DCberschrift 5";
font-family:"Arial",sans-serif;
font-weight:bold;}
span.UntertitelZchn
{mso-style-name:"Untertitel Zchn";
mso-style-priority:11;
mso-style-link:Untertitel;
font-family:"Arial",sans-serif;
letter-spacing:.75pt;
font-weight:bold;}
span.TitelZchn
{mso-style-name:"Titel Zchn";
mso-style-priority:10;
mso-style-link:Titel;
font-family:"Arial",sans-serif;
letter-spacing:.25pt;
font-weight:bold;}
span.KopfzeileZchn
{mso-style-name:"Kopfzeile Zchn";
mso-style-priority:99;
mso-style-link:Kopfzeile;
font-family:"Arial",sans-serif;}
span.FuzeileZchn
{mso-style-name:"Fu\00DFzeile Zchn";
mso-style-priority:99;
mso-style-link:Fu\00DFzeile;
font-family:"Arial",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.E-MailFormatvorlage36
{mso-style-type:personal;
font-family:"Arial",sans-serif;
font-variant:normal !important;
color:windowtext;
text-transform:none;
position:relative;
top:0pt;
mso-text-raise:0pt;
letter-spacing:0pt;
mso-ligatures:none;
mso-number-form:default;
mso-number-spacing:default;
mso-stylistic-set:0;
mso-contextual-alternates:no;
font-weight:normal;
font-style:normal;
text-decoration:none none;
vertical-align:baseline;}
span.E-MailFormatvorlage37
{mso-style-type:personal-reply;
font-family:"Arial",sans-serif;
font-variant:normal !important;
color:windowtext;
text-transform:none;
position:relative;
top:0pt;
mso-text-raise:0pt;
letter-spacing:0pt;
mso-ligatures:none;
mso-number-form:default;
mso-number-spacing:default;
mso-stylistic-set:0;
mso-contextual-alternates:no;
text-shadow:none;
font-weight:normal;
font-style:normal;
text-decoration:none none;
vertical-align:baseline;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:-120;
mso-list-type:simple;
mso-list-template-ids:-2036700426;}
@list l0:level1
{mso-level-style-link:Listennummer;
mso-level-tab-stop:18.0pt;
mso-level-number-position:left;
margin-left:18.0pt;
text-indent:-18.0pt;}
@list l1
{mso-list-id:-119;
mso-list-type:simple;
mso-list-template-ids:1072705328;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:18.0pt;
mso-level-number-position:left;
margin-left:18.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:99691344;
mso-list-type:hybrid;
mso-list-template-ids:-435887208 -755725786 134676483 134676485 134676481 134676483 134676485 134676481 134676483 134676485;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-style-link:Aufz\00E4hlungszeichen;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE-CH" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">We installed PostGIS with role (user) a.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">When role (user) b tried to call function st_estimatedextent he got a "permission denied" error.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">We found the function to be installed within public schema, owned by role a, defined with security definer.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">We had to grant role a permissions on role b schematas and objects for getting the function working.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">QUESTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">Under which role should PostGIS ideally be installed?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">Is there an installation option having all functions defined as security invoker?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
</body>
</html>