>I have a number of users each of which has their >own schema. I don't want the users to be able >to enable/disable the geospatialness of anyone >else's columns. What's the right way to >secure postgis so as to prevent this? It seems >that a single, global, geometry_columns is the >problem.
I guess a solution could be this: you set the geometry_column to read-only for all user except "postgres" user. After you can create a schema for every user must add table using only its schema (its username). After you create two security definer function with owner "postgres" that add and remove a row (a table) from geometry_column. and this two function has all the parameters needed for add a table to geometry_column. The function before add to geometry_columns retrieve the "session-user" and check if that is the same of the schema-parameter. If equal -> ok add if not-equel-> "error: you are not allowable to add a table to schema" Pay attention you must use "session-user" not "current-user" to check. regards, -- ----------------- Andrea Peri . . . . . . . . . qwerty àèìòù -----------------
_______________________________________________ postgis-users mailing list postgis-users@postgis.refractions.net http://postgis.refractions.net/mailman/listinfo/postgis-users
