Awesome, thanks! On Mon, Jun 1, 2020 at 11:43 AM Alessandro Pasotti <[email protected]> wrote:
> > Glad to hear that it worked! > > If you feel like the documentation should include an example, feel free to > add some more content to the > https://docs.qgis.org/testing/en/docs/user_manual/auth_system/auth_workflows.html > > There is also a section on organizations that might be relevant for this > kind of information. > > https://docs.qgis.org/testing/en/docs/user_manual/introduction/qgis_configuration.html#deploying-qgis-within-an-organization > > > > On Mon, Jun 1, 2020 at 5:29 PM Cliff Patterson <[email protected]> > wrote: > >> Tested this solution and it works perfectly. When using the same ID in >> the authentication settings, the projects saved to the DB do not retain the >> creator's per-layer permissions. >> >> Thanks for the help! >> >> Cliff >> >> On Mon, Jun 1, 2020 at 11:19 AM Cliff Patterson <[email protected]> >> wrote: >> >>> Hi Karl and Alessandro, >>> >>> This is helpful but DEFINITELY not intuitive. I will test this >>> configuration and report back. >>> >>> Cheers, >>> Cliff >>> >>> On Mon, Jun 1, 2020 at 9:51 AM Karl Magnus Jönsson < >>> [email protected]> wrote: >>> >>>> Hi! >>>> >>>> Alessandro, you where quicker! J >>>> >>>> >>>> >>>> If I understand correct, the actual credentials isn’t stored to the >>>> project. Just the auth config ID. If the user doesn’t have this in his >>>> local authentication database, or has it with other credentials(read) the >>>> project will not open with admin credentials. >>>> >>>> >>>> >>>> *Karl-Magnus Jönsson* >>>> >>>> >>>> >>>> *Från:* Qgis-user <[email protected]> *För *Cliff >>>> Patterson >>>> *Skickat:* den 1 juni 2020 15:36 >>>> *Till:* Alessandro Pasotti <[email protected]> >>>> *Kopia:* qgis-user <[email protected]> >>>> *Ämne:* Re: [Qgis-user] Save projects to DB without creator's >>>> permissions >>>> >>>> >>>> >>>> That's exactly the problem with the auth system. If you connect to a DB >>>> using the auth system and store a map in the DB (or anywhere for that >>>> matter), the map contains your credentials/permissions for EVERY layer that >>>> you added. So if you create a map while logged in as DB owner (i.e. full >>>> perms for every layer), any user who opens it will have full permissions on >>>> every layer in the map. The only workaround for this is to remember to use >>>> basic auth and uncheck "store" beside password whenever creating a shared >>>> project. >>>> >>>> >>>> >>>> Any other less vulnerable workarounds would be very helpful, though I >>>> doubt any exist. >>>> >>>> >>>> >>>> Cliff >>>> >>>> >>>> >>>> On Fri, May 29, 2020 at 3:03 PM Alessandro Pasotti <[email protected]> >>>> wrote: >>>> >>>> Maybe all that you need is in the QHIS auth system is >>>> https://docs.qgis.org/3.10/en/docs/user_manual/auth_system/auth_workflows.html#changing-authentication-config-id >>>> >>>> >>>> >>>> The master password can be stored in the operating system wallet so >>>> that the user will not need to type his password. >>>> >>>> >>>> >>>> Regards >>>> >>>> >>>> >>>> >>>> >>>> On Fri, May 29, 2020, 19:39 Cliff Patterson <[email protected]> >>>> wrote: >>>> >>>> PS: I realize I can create maps with basic auth and not store the PW, >>>> which prompts the user to enter their creds. But is there a better way now >>>> to achieve the same result? >>>> >>>> >>>> >>>> Cliff >>>> >>>> >>>> >>>> On Fri, May 29, 2020 at 1:29 PM Cliff Patterson <[email protected]> >>>> wrote: >>>> >>>> What is the best approach to save QGIS projects to PostgreSQL >>>> without saving the project-creator's credentials/permissions? If the DB >>>> admin creates a project and saves it to the DB, anyone opening that project >>>> will attain the admin's permissions on layers in that map. >>>> >>>> >>>> >>>> To recreate: >>>> >>>> >>>> >>>> 1) Create a map containing PostGIS layers and save project to DB. All >>>> layers should be editable by the admin. Admin is logged into DB with auth >>>> config, not basic auth. >>>> >>>> 2) Create a new read-only user and new profile in QGIS and log in to DB. >>>> >>>> 3) Open the project and try to edit layers. Read-only user will be able >>>> to see and edit all layers just like the DB Admin. >>>> >>>> >>>> >>>> Is there a way to save projects to DB WITHOUT saving any user >>>> creds/permissions? >>>> >>>> >>>> >>>> Cliff >>>> >>>> >>>> >>>> -- >>>> >>>> Cliff Patterson Ph.D. >>>> >>>> *PSD* | Senior GIS Consultant >>>> P: 519-690-2565 ext. 2616 >>>> www.psdrcs.com >>>> London | 148 Fullarton St. 9th Floor >>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Cliff Patterson Ph.D. >>>> >>>> *PSD* | Senior GIS Consultant >>>> P: 519-690-2565 ext. 2616 >>>> www.psdrcs.com >>>> London | 148 Fullarton St. 9th Floor >>>> >>>> _______________________________________________ >>>> Qgis-user mailing list >>>> [email protected] >>>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-user >>>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user >>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Cliff Patterson Ph.D. >>>> >>>> *PSD* | Senior GIS Consultant >>>> P: 519-690-2565 ext. 2616 >>>> www.psdrcs.com >>>> London | 148 Fullarton St. 9th Floor >>>> >>>> >>> >>> -- >>> >>> Cliff Patterson Ph.D. >>> >>> *PSD* | Senior GIS Consultant >>> P: 519-690-2565 ext. 2616 >>> www.psdrcs.com >>> London | 148 Fullarton St. 9th Floor >>> >>> >> >> -- >> >> Cliff Patterson Ph.D. >> >> *PSD* | Senior GIS Consultant >> P: 519-690-2565 ext. 2616 >> www.psdrcs.com >> London | 148 Fullarton St. 9th Floor >> >> > > -- > Alessandro Pasotti > QCooperative: www.qcooperative.net > ItOpen: www.itopen.it > -- Cliff Patterson Ph.D. *PSD* | Senior GIS Consultant P: 519-690-2565 ext. 2616 www.psdrcs.com London | 148 Fullarton St. 9th Floor
_______________________________________________ Qgis-user mailing list [email protected] List info: https://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
