Hi Karl and Alessandro, This is helpful but DEFINITELY not intuitive. I will test this configuration and report back.
Cheers, Cliff On Mon, Jun 1, 2020 at 9:51 AM Karl Magnus Jönsson < [email protected]> wrote: > Hi! > > Alessandro, you where quicker! J > > > > If I understand correct, the actual credentials isn’t stored to the > project. Just the auth config ID. If the user doesn’t have this in his > local authentication database, or has it with other credentials(read) the > project will not open with admin credentials. > > > > *Karl-Magnus Jönsson* > > > > *Från:* Qgis-user <[email protected]> *För *Cliff > Patterson > *Skickat:* den 1 juni 2020 15:36 > *Till:* Alessandro Pasotti <[email protected]> > *Kopia:* qgis-user <[email protected]> > *Ämne:* Re: [Qgis-user] Save projects to DB without creator's permissions > > > > That's exactly the problem with the auth system. If you connect to a DB > using the auth system and store a map in the DB (or anywhere for that > matter), the map contains your credentials/permissions for EVERY layer that > you added. So if you create a map while logged in as DB owner (i.e. full > perms for every layer), any user who opens it will have full permissions on > every layer in the map. The only workaround for this is to remember to use > basic auth and uncheck "store" beside password whenever creating a shared > project. > > > > Any other less vulnerable workarounds would be very helpful, though I > doubt any exist. > > > > Cliff > > > > On Fri, May 29, 2020 at 3:03 PM Alessandro Pasotti <[email protected]> > wrote: > > Maybe all that you need is in the QHIS auth system is > https://docs.qgis.org/3.10/en/docs/user_manual/auth_system/auth_workflows.html#changing-authentication-config-id > > > > The master password can be stored in the operating system wallet so that > the user will not need to type his password. > > > > Regards > > > > > > On Fri, May 29, 2020, 19:39 Cliff Patterson <[email protected]> wrote: > > PS: I realize I can create maps with basic auth and not store the PW, > which prompts the user to enter their creds. But is there a better way now > to achieve the same result? > > > > Cliff > > > > On Fri, May 29, 2020 at 1:29 PM Cliff Patterson <[email protected]> > wrote: > > What is the best approach to save QGIS projects to PostgreSQL > without saving the project-creator's credentials/permissions? If the DB > admin creates a project and saves it to the DB, anyone opening that project > will attain the admin's permissions on layers in that map. > > > > To recreate: > > > > 1) Create a map containing PostGIS layers and save project to DB. All > layers should be editable by the admin. Admin is logged into DB with auth > config, not basic auth. > > 2) Create a new read-only user and new profile in QGIS and log in to DB. > > 3) Open the project and try to edit layers. Read-only user will be able to > see and edit all layers just like the DB Admin. > > > > Is there a way to save projects to DB WITHOUT saving any user > creds/permissions? > > > > Cliff > > > > -- > > Cliff Patterson Ph.D. > > *PSD* | Senior GIS Consultant > P: 519-690-2565 ext. 2616 > www.psdrcs.com > London | 148 Fullarton St. 9th Floor > > > > > -- > > Cliff Patterson Ph.D. > > *PSD* | Senior GIS Consultant > P: 519-690-2565 ext. 2616 > www.psdrcs.com > London | 148 Fullarton St. 9th Floor > > _______________________________________________ > Qgis-user mailing list > [email protected] > List info: https://lists.osgeo.org/mailman/listinfo/qgis-user > Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user > > > > > -- > > Cliff Patterson Ph.D. > > *PSD* | Senior GIS Consultant > P: 519-690-2565 ext. 2616 > www.psdrcs.com > London | 148 Fullarton St. 9th Floor > > -- Cliff Patterson Ph.D. *PSD* | Senior GIS Consultant P: 519-690-2565 ext. 2616 www.psdrcs.com London | 148 Fullarton St. 9th Floor
_______________________________________________ Qgis-user mailing list [email protected] List info: https://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
