[postgis-users] Securing postgis

Andrea Peri aperi2007 at gmail.com
Wed Mar 2 01:00:40 PST 2011


>I have a number of users each of which has their
>own schema.  I don't want the users to be able
>to enable/disable the geospatialness of anyone
>else's columns.  What's the right way to
>secure postgis so as to prevent this?  It seems
>that a single, global, geometry_columns is the
>problem.

I guess a solution could be this:

You set geometry_columns to read-only for all users except the "postgres" user.

Then you can create a schema for every user, who must add tables using only
their own schema (their username).

Then you create two security definer functions, owned by "postgres",
that add and remove a row (a table) from geometry_columns.
These two functions have all the parameters needed to add a table to
geometry_columns.

Before adding to geometry_columns, the function retrieves the
"session-user" and checks whether it is the same as the
schema parameter.
If equal -> OK, add
If not equal -> "error: you are not allowed to add a table to schema"

Pay attention: you must use "session-user", not "current-user", for the check.

regards,

-- 
-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------
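
One way to implement the two functions described in the message above, as an added example that is not part of the original post. It assumes PostGIS 1.x, where geometry_columns is an ordinary table in schema public, and that the script is run as "postgres"; the function names and parameter names are hypothetical.

```sql
-- Added example. Assumes PostGIS 1.x (public.geometry_columns is a plain table).
-- Run as "postgres" so that it owns both functions. Function names are hypothetical.
REVOKE ALL ON public.geometry_columns FROM PUBLIC;   -- per-role grants need their own REVOKE
GRANT SELECT ON public.geometry_columns TO PUBLIC;   -- read-only for everyone else

CREATE OR REPLACE FUNCTION public.register_geometry(
    p_schema text, p_table text, p_column text,
    p_dims integer, p_srid integer, p_type text)
RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, public, pg_temp   -- pin the path; pg_temp searched last
AS $$
BEGIN
    -- In a SECURITY DEFINER function current_user is the owner ("postgres");
    -- session_user is still the role that logged in.
    -- IS DISTINCT FROM also rejects a NULL schema, which "<>" would let through.
    IF p_schema IS DISTINCT FROM session_user::text THEN
        RAISE EXCEPTION 'you are not allowed to add a table to schema %', p_schema;
    END IF;
    INSERT INTO public.geometry_columns
        (f_table_catalog, f_table_schema, f_table_name,
         f_geometry_column, coord_dimension, srid, type)
    VALUES ('', p_schema, p_table, p_column, p_dims, p_srid, p_type);
END;
$$;

CREATE OR REPLACE FUNCTION public.unregister_geometry(
    p_schema text, p_table text, p_column text)
RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, public, pg_temp
AS $$
BEGIN
    IF p_schema IS DISTINCT FROM session_user::text THEN
        RAISE EXCEPTION 'you are not allowed to remove a table from schema %', p_schema;
    END IF;
    DELETE FROM public.geometry_columns
     WHERE f_table_schema = p_schema
       AND f_table_name = p_table
       AND f_geometry_column = p_column;
END;
$$;
```

New functions are executable by PUBLIC by default, so every user can call these two while still being unable to write to geometry_columns directly.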