Opened 5 years ago

Closed 3 years ago

Last modified 2 years ago

#4575 closed defect (fixed)

GRANT select on topology metadata tables to public

Reported by: strk Owned by: strk
Priority: medium Milestone: PostGIS Fund Me
Component: topology Version: master
Keywords: Cc:

Description

We do this already for geography_columns, geometry_columns and spatial_ref_sys so I don't see why we shouldn't do for topology.topology and topology.layers as well.

NOTE: lack of this was the source of this QGIS regression: https://github.com/qgis/QGIS/issues/32726

Change History (15)

comment:1 by strk, 5 years ago

Related ticket (raster): #4576

comment:2 by robe, 5 years ago

Oh wait I remember why we did it on just those. Not sure the reason is that important though.

For geography_columns and geometry_columns — they are both views, so what you can see in them is already dictated by visibility of the table to the user.

That said if a user can't see X table, that X table doesn't show in geography/geometry columns views either.

Topology is a real table, so there is some concern there.

spatial_ref_sys wasn't of much concern because it's largely static table that anybody can see by looking at postgis source code anyway.

comment:3 by robe, 5 years ago

+0.5 here — While there is some risk in that people can see topologies they don't have rights to, I feel like not much data is listed anyway so making it publically readable outweighs the risk.

comment:4 by strk, 4 years ago

I filed #4682 for turning topology.topology and topology.layer into views

comment:5 by pramsey, 4 years ago

Milestone: PostGIS 3.1.0PostGIS 3.2.0
Resolution: wontfix
Status: newclosed

Seems like the view approach invalidates this.

comment:6 by strk, 4 years ago

The view approach doesn't have a clear solution at the moment (due to topology identifiers)

comment:7 by Lars Aksel Opsahl, 3 years ago

When compiling a new cluster from scratch public still seems to miss access to the topology schema.

So I have to run 'GRANT usage ON SCHEMA topology TO PUBLIC'

Could this part of the install script ?

comment:8 by Lars Aksel Opsahl, 3 years ago

Resolution: wontfix
Status: closedreopened

comment:9 by strk, 3 years ago

Should PUBLIC be also given permission to increment topology_id_seq sequence ? It would be *needed* for anyone who's intended to have permission to create topologies.

comment:10 by strk, 3 years ago

merge request for review: https://gitlab.com/postgis/postgis/-/merge_requests/54

Only grants SELECT on the metadata tables, but it isn't of much use on itself. We could add USAGE as mentioned by Lars, but it would still be a read-only usage unless we also allow incrementing sequences (safe thing to do for PUBLIC?).

comment:11 by Lars Aksel Opsahl, 3 years ago

The most important is select because it's a lot of used cases where we only need select.

But it is strange that a user can create a table with geometry column and and not topology column, seen from a user perspective so I think you should allow public access to increment sequence.

By the way why are these tables located in the topology schema and not in public as for instance public.geometry_columns is ?

comment:12 by strk, 3 years ago

I'm thinking as an alternative we could make the CreateTopology function a SECURITY DEFINER and have the code check if the user has permission to create schemas (as creating a topology at the moment means creating a schema…).

Everything is located under topology schema for cleanness (I'd love to also see "postgis" under a "postgis" schema, but PostGIS predates the time when PostgreSQL added support for schemas…)

comment:13 by strk, 3 years ago

Milestone: PostGIS 3.2.0PostGIS Fund Me

comment:14 by Sandro Santilli <strk@…>, 3 years ago

Resolution: fixed
Status: reopenedclosed

In 3ff851a/git:

GRANT select on topology.topology and topology.layer to PUBLIC

Closes #4575

comment:15 by strk, 2 years ago

USAGE on schema was left out, I filed #5124 to include that as well

Note: See TracTickets for help on using tickets.