Database Reference
In-Depth Information
mitsviewingtheschema'schildobjects.Eachchildobjecthasitsownsetof
privileges, which we establish in the remaining steps.
12. PostGIS comes with more than 1,000 functions. It would be unreasonable
to individually set privileges for all those functions. Instead, we grant the
EXECUTE
privilege to the
public
metagroup and then grant and/or revoke
privileges to specific functions, such as management functions.
13. First, grant the
EXECUTE
privilege to the
public
metagroup by executing
the following command:
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA
postgis TO public;
14. Now, revoke the
EXECUTE
privileges of the
public
metagroup for some
functions,suchas
postgis_full_version()
,byexecutingthefollowing
command:
REVOKE ALL ON FUNCTION
postgis_full_version() FROM public;
15. The
GRANT
and
REVOKE
statementsdonotdifferentiatebetweentablesand
views. So, care must be taken to ensure that the applied privileges are ap-
propriate for the object.
16. We will grant the
SELECT
,
REFERENCES
, and
TRIGGER
privileges to the
public
metagroup on all
postgis
tables and views by executing the fol-
lowing command; none of these privileges give the
public
metagroup the
ability to alter the tables' or views' contents:
GRANT SELECT, REFERENCES, TRIGGER ON ALL
TABLES IN SCHEMA postgis TO public;
17. We want to allow
group1
to be able to insert new records into the
spa-
tial_ref_sys
table, so we must execute the following command:
GRANT INSERT ON spatial_ref_sys TO group1;
Groups and users that are not part of
group1
(such as
group2
) can only
usethe
SELECT
statementson
spatial_ref_sys
.Groupsandusersthat