On 4/14/2014 7:25 AM, Mark Volz wrote:
Hello,
I would like to set up a user account in PostGIS / PostGRES with the
following:
·The user has read only access to all of the layers in a particular
database.
·The user also have read only access to any layers added or updated
through the shapefile uploader.
·The client software may be ArcGIS*, AutoCAD (Map), QGIS, MapServer, etc.
*ArcGIS will use “query layers”, not SDE.
If anyone has any cliff notes on how to properly set up read only
permissions please let me know.
Thank You
Sincerely,
Mark Volz, GISP
You can think of users and groups pretty much the same. "user" and
"role" are mostly interchangeable.
Doesn't really matter who the owner of the db is, that can stay as-is.
We'll create a new role:
create user unwashed with password 'notpassword';
-- the difference between role and user is the "can login" right. For
me I was gonna grant them all login rights anyway. You should be able
to change the above to "create role" if you wanted to tighten it down.
-- grant it select
grant select on maintable to unwashed;
-- if you use sequences, they need rights
grant all on sequence maintable_id_seq to unwashed;
-- func's need exec:
grant execute on function update(userid integer) to unwashed;
-- There might be other's I'm missing.
-- Then create a new user in the unwashed group:
create user bob with nocreaterole password 'notpassword' in role unwashed;
Its simple to add/remove users now. When you create new stuff, remember
to grant the unwashed select rights. :-)
-Andy
_______________________________________________
postgis-users mailing list
[email protected]
http://lists.osgeo.org/cgi-bin/mailman/listinfo/postgis-users
