Note that there is a little trick that might make things easier: suppose you want to share a QGS project within an organization, by using the QGIS authentication database you can create an authentication configuration with a know ID (the usually automatic 7 characters ID) and share the project withing your organization using that authentication configuration to access the server, to load the project (and to connect to the server) all what a user would need to do is to create an authentication configuration with the same ID (but with his/her own credentials).
We happily tested it with PKI user certificates on a postgis backend. On Sun, Apr 26, 2020 at 9:26 AM Michael Dufty <[email protected]> wrote: > > Good point on the security, so far we’ve been relying on the server only > being accessible from our network, but would be good to be able to open that > up. > > Other than that would simultaneous uses of the same account be likely to > cause issues. > > > > Michael Dufty > > > > From: Qgis-user <[email protected]> On Behalf Of Jeff Hubbs > Sent: Sunday, 26 April 2020 1:45 AM > To: [email protected] > Subject: Re: [Qgis-user] User setup for PostGres/PostGis use with QGIS > > > > Agree, strongly. Even better to have an independent authentication system > (e.g. LDAP) that everything uses but at minimum, separate PostgreSQL accounts > for everybody is highly recommended. > > > > On 4/25/20 11:39 AM, Jo wrote: > > From a security perspective you definitely want to create a distinct user > account for each user. What if a user leaves your organisation? Will you > update the password and have to communicate it to everyone before they can do > further work? That's more cumbersome than doing it right from the start. > > > > After a while you may also discover that some users will need different > rights. > > > > Jo > > > > On Sat, Apr 25, 2020 at 12:23 PM Michael Dufty > <[email protected]> wrote: > > I’m looking at setting up a postGIS server for use to store mapping files to > use with QGIS. > > We have about a dozen users who will all need to be able to edit layers and > save new layers to the server, and any new layers they create need to be > editable by other users. > > > > Can anyone advise if having everyone use the same user account would be a > good idea? Since everyone will have the same privileges this would seem to > simplify setup. Often there will be different people editing the same QGIS > project at different times, and I think it would help with that, although it > looks like we would need to use the same id for the authentication on every > computer if we don’t want password prompts all the time. I’m just concerned > this may cause issues with the server if the same user account is accessing > the database from different locations at the same time. > > > > As I understand it the alternative would be to create a role that all > accounts are members of, and alter the default privileges for each account so > the role gets access to any new tables created, which would be a bit of a > pain to set up for lots of accounts, but probably OK. > > > > I have struggled with this in the past, and the consultant who set up a > similar server for us in the past to use with Manifold gave up on getting > permissions to work and just made every account a superuser. This doesn’t > seem ideal, but hasn’t caused any issues in over 10 years. > > > > > > Michael Dufty > > > > _______________________________________________ > Qgis-user mailing list > [email protected] > List info: https://lists.osgeo.org/mailman/listinfo/qgis-user > Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user > > > > _______________________________________________ > > Qgis-user mailing list > > [email protected] > > List info: https://lists.osgeo.org/mailman/listinfo/qgis-user > > Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user > > > > _______________________________________________ > Qgis-user mailing list > [email protected] > List info: https://lists.osgeo.org/mailman/listinfo/qgis-user > Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user -- Alessandro Pasotti w3: www.itopen.it _______________________________________________ Qgis-user mailing list [email protected] List info: https://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
