Opened 10 years ago
Closed 10 years ago
#2905 closed defect (duplicate)
Ensure that raster_columns is always readable by public unless explicitly made unreadable
Reported by: | robe | Owned by: | dustymugs |
---|---|---|---|
Priority: | medium | Milestone: | PostGIS 2.1.4 |
Component: | raster | Version: | 2.1.x |
Keywords: | Cc: |
Description
This is related to #2821. Some how strk got himself into a state where raster_columns is not readable by all users of a db, and thus raster import failed.
We currently have raster_columns as publically readable in the rtpostgis.sql.in
via
GRANT SELECT ON TABLE raster_columns TO public; GRANT SELECT ON TABLE raster_overviews TO public;
Looking at my views, these lines DO show on permissions of these views. If a database were to be restored then CREATE EXTENSION would run which would reapply these permissions. Said permissions should also be included in upgrade. Perhaps they are not — we need to confirm they are.
Change History (5)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
Nor in the extension upgrade scripts (derived from the former)
$ grep -iw GRANT extensions/postgis/sql/postgis--*--*.sql # no hits
I'm afraid we cannot really tell if the user explicitly made them unreadable.
Generally speaking, GRANTS have been usually left out of postgis enabler scripts, this is all a new thing. Maybe we should have a function to "reset to default permissions"
comment:3 by , 10 years ago
Another idea would be that some function is made available to check the state of installation. Right now only "postgis_full_version" does some of that, warning if you're out of sync between library and scripts, maybe the same function could also check permissions and warn you about that ?
comment:4 by , 10 years ago
See also #2823 which is about loosing all GRANTS on upgrade (either granted by system install or manually). Actually, maybe this is a duplicate. Your call, Regina.
comment:5 by , 10 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
yah I think its a duplicate
Grants are not found in upgrade scripts: