[postgis-users] Securing postgis

Karl O. Pinc kop at meme.com
Tue Mar 1 13:23:13 PST 2011


I have a number of users each of which has their
own schema.  I don't want the users to be able
to enable/disable the geospatialness of anyone
else's columns.  What's the right way to
secure postgis so as to prevent this?  It seems
that a single, global, geometry_columns is the

I see a number of possibliities.

If geometry_coulumns is all that needs to be secured
I could create the table in each user's schema.
If there's a lot of other infrastructure that needs
to be duplicated this would not work as well --
the user's schemas would be all cluttered up.
But I can see where having multiple geometry_columns
tables could complicate an upgrade....

I could create a separate postgis schema for
each user, but that seems overkill and I'm not
at all clear on how $user is expanded in
the search_path and whether or not it'd be possible
to automatically have such schemas in the search

then again I could just forget about it and
hope the users don't kill each other.

What's the best approach here?


Karl <kop at meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

More information about the postgis-users mailing list