tags:

views:

25

answers:

1
Q: 

Grant EXECUTE to many PostGIS functions

Hello.

I have a Web Application which is based on MapServer, which uses PostGIS as underlying database extension. Now I want to have a dedicated database role which is used for MapServer, cause I don't want to access the database via the postgres superuser. This role should only have SELECT permission on public tables (which is easy to achieve) and EXECUTE permissions on public PostGIS functions.

Several questions arise: Are ALL the PostGIS relevant functions stored in the public schema of a database or is there anything else to consider?

How can I extract all the functions information - i.e. function name, number and names of arguments - from the information_schema or the pg_catalog of the database?! I need this information for the GRANT EXECUTE on function(args) to MapServerUser statements!

Thank you in advance!!!

A: 

In PostgreSQL 8.4.x:

SELECT n.nspname as "Schema",
  p.proname as "Name",
  pg_catalog.pg_get_function_result(p.oid) as "Result data type",
  pg_catalog.pg_get_function_arguments(p.oid) as "Argument data types",
CASE
  WHEN p.proisagg THEN 'agg'
  WHEN p.proiswindow THEN 'window'
  WHEN p.prorettype = 'pg_catalog.trigger'::pg_catalog.regtype THEN 'trigger'
  ELSE 'normal'
END as "Type"
FROM pg_catalog.pg_proc p
    LEFT JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE pg_catalog.pg_function_is_visible(p.oid)
     AND n.nspname <> 'pg_catalog'
  AND n.nspname <> 'information_schema'
ORDER BY 1, 2, 4;

Found by running psql with the -E parameter (show hidden queries) and then running the \df command.

Also, the "public" schema in PostgreSQL is just named that way. It carries no special meaning. It's a bad name. What you DO need to look out for is the "PUBLIC" role (all caps). While tables are not automatically granted the PUBLIC role, my experience is that PUBLIC automatically gets execute permission on functions defined with SECURITY INVOKER.

Matthew Wood  2010-10-07 14:33:37
I almost forgot: that query only shows the user-defined functions. If you need the internal functions, you'll need to remove the "AND n.nspname <> 'pg_catalog'" part of the WHERE clause.
Matthew Wood  2010-10-07 14:36:05
Thank you, this seems close to what I want. As I'm using PostgreSQL 8.2.9, I don't have the functions pg_get_fuction_result(oid) and pg_get_function_arguments(oid), so maybe you know the equivalent 8.2. functions? I looked for them but couldn't find them. Also, the column proiswindow does not exist.
ilu-tg  2010-10-07 14:51:30
Run this at the command line: "psql -E". Then issue the psql command "\df". It will print the query it uses to output the list of functions (with parameter and return types). That should work in all version of PostgreSQL.
Matthew Wood  2010-10-07 17:34:36

related questions

How do I (or can I) SELECT DISTINCT on multiple columns (postgresql)?
Is it possible to make a recursive SQL query ?
What does it mean when a PostgreSQL process is "idle in transaction"?
C# .NET + PostgreSQL
Possible to perform cross-database queries with postgres?
Cascading deletes in PostgreSQL
How to concatenate strings of a string field in a PostgreSQL 'group by' query?
Languages other than SQL in postgres
How to prevent Write Ahead Logging on just one table in PostgreSQL?
Using MS Access & ODBC to connect to a remote PostgreSQL
Reasons for SQL differences
PostgreSQL perfomance monitoring tool
How do you use script variables in PostgreSQL?
MySQL vs PostgreSQL for Web Applications
joining latest of various usermetadata tags to user rows
Good strategy for leaving an audit trail/change history for DB applications?
PostgreSQL: GIN or GiST indexes?
Migrating from MySQL to PostgreSQL
What's the preferred way to connect to a postgresql database from PHP?
Use for the phppgadmin Reports Database?
Recommendation for a PostgreSQL Programming Tutorial?
SQL Case Statement Syntax?
What language do you use for Postgresql triggers and stored procedures?
String literals and escape characters in postgresql
Python and MySQL