<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi,</p>
<p>This thread becoming is quite interesting :-) Let me share my
experience regarding authentication.<br>
</p>
<p>I'm using PG_SERVICES and LDAP authentication on Postgresql. No
credentials are saved into the projects, so everyone opens shared
projects with their own credentials.</p>
<p>I'm also storing styles and projects on the database. It is easy
to share among several users. <br>
</p>
<p>All users have configured QGIS to use the same shared network
folder for SVG, layout images and custom fonts.</p>
<p>This same folder is also available on the QGIS Server (to provide
all styles with the SVGs, images and fonts used by QGIS Desktop).</p>
<p>Regards,</p>
<p>Jorge Gustavo<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 20/11/19 13:15, Andreas Neumann
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:7d5da7f93b339685ca1dc6da0ccfb586@carto.net">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>Hi Luigi and Alessandro,</p>
<p>thanks for the clarifications.</p>
<p>Quick other question: is it correct that the id MUST be exactly
7 characters Less than or more than 7 characters won't work? At
least on my system saving the config is deactivated if it is
less than 7 chars.</p>
<p>Thanks,</p>
<p>Andreas</p>
<p id="reply-intro">On 2019-11-20 13:46, Alessandro Pasotti wrote:</p>
<blockquote type="cite" style="padding: 0 0.4em; border-left:
#1010ff 2px solid; margin: 0">
<div id="replybody1">
<div>
<div dir="ltr">
<div dir="ltr"> </div>
<br>
<div class="v1gmail_quote">
<div class="v1gmail_attr" dir="ltr">On Wed, Nov 20, 2019
at 1:24 PM Andreas Neumann <<a
href="mailto:a.neumann@carto.net" rel="noreferrer"
moz-do-not-send="true">a.neumann@carto.net</a>>
wrote:</div>
<blockquote class="v1gmail_quote" style="margin: 0px 0px
0px 0.8ex; border-left: 1px solid #cccccc;
padding-left: 1ex;">
<div style="font-size: 10pt; font-family:
Verdana,Geneva,sans-serif;">
<p>Hi,</p>
<p>I wonder what is best practice to handle auth
configs across several users for sharing of
projects?</p>
<p>Should we ask users to create the same
auth-config ids/names to make projects
interoperable, where each users would have
different credentials, but share the auth-config
id that is stored in the QGIS project file?</p>
<p>Is this how we should do it? Otherwise users
would end up with different auth-ids and then
can't open QGIS files from their colleagues
without a hassle ...</p>
<p>Or are there better/alternative approaches?</p>
</div>
</blockquote>
<div> </div>
<div>One of the best ways we've used so far was to
pre-define at the organization level a small set of
authids, you are limited to 7 chars but that's not a
big issue. </div>
<div> </div>
<div>So, when creating project you will use one of the
pre-defined auth ids, of course every user will have
to use his own local QGIS auth DB (this is all handled
transparently by the QGIS auth system) where he stores
his own credentials.</div>
<div> </div>
<div>If you share your project within your organization,
as long as the user who receives the project has his
credentials already sets for the given auth ids access
will be granted automatically, if not he will be
prompted to enter credentials and if he stores them in
the QGIS auth local DB this will be required only for
the first time.</div>
<div> </div>
<div>This system gives the sysadmins full flexibility:
individual credentials can be revoked/granted, no need
to share any auth DB in any case.</div>
<div> </div>
<div>Hope this helps.</div>
<div> </div>
<blockquote class="v1gmail_quote" style="margin: 0px 0px
0px 0.8ex; border-left: 1px solid #cccccc;
padding-left: 1ex;">
<div style="font-size: 10pt; font-family:
Verdana,Geneva,sans-serif;">
<p>Andreas</p>
<p id="v1gmail-m_-1164455460924482032reply-intro">On
2019-11-20 13:14, Hernán De Angelis wrote:</p>
<blockquote style="padding: 0px 0.4em; border-left:
2px solid #1010ff; margin: 0px;">
<div id="v1gmail-m_-1164455460924482032replybody1">
<div>
<p>Interesting point, Luigi. Thank you!</p>
<p>Hernán</p>
<p><br>
</p>
<div>On 2019-11-20 12:58, Luigi Pirelli wrote:</div>
<blockquote style="padding: 0px 0.4em;
border-left: 2px solid #1010ff; margin:
0px;">
<div dir="ltr">this is not an issue,
Postgres support many auth systems most of
them paired with the authentication system
implemented in QGIS. Other problem is how
to share (auth.db) credentials or security
setting among different users.<br>
<div>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div> </div>
<div>Luigi Pirelli<br>
<br>
**************************************************************************************************<br>
* LinkedIn: <a
href="https://www.linkedin.com/in/luigipirelli"
target="_blank"
rel="noopener
noreferrer"
moz-do-not-send="true">https://www.linkedin.com/in/luigipirelli</a><br>
* Stackexchange: <a
href="http://gis.stackexchange.com/users/19667/luigi-pirelli"
target="_blank"
rel="noopener
noreferrer"
moz-do-not-send="true">http://gis.stackexchange.com/users/19667/luigi-pirelli</a><br>
* GitHub: <a
href="https://github.com/luipir"
target="_blank"
rel="noopener
noreferrer"
moz-do-not-send="true">https://github.com/luipir</a><br>
* Book: <a
href="https://www.packtpub.com/eu/application-development/mastering-geospatial-development-qgis-3x-third-edition"
target="_blank"
rel="noopener
noreferrer"
moz-do-not-send="true">Mastering
QGIS3 - 3rd Edition</a></div>
<div>* Hire a team: <a
href="http://www.qcooperative.net" target="_blank" rel="noopener
noreferrer"
moz-do-not-send="true">http://www.qcooperative.net</a><br>
**************************************************************************************************</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div>
<div dir="ltr">On Wed, 20 Nov 2019 at
11:53, Jan-Eric Oskarsson <<a
href="mailto:jan-eric@kregis.se"
rel="noreferrer"
moz-do-not-send="true">jan-eric@kregis.se</a>>
wrote:</div>
<blockquote type="cite" style="padding: 0
0.4em; border-left: #1010ff 2px solid;
margin: 0">Hi Hernán!<br>
Maybe this comment is redundant but you
have to set up a strong security to
prevent hackers to hack your database
and steal your data and cause damage.<br>
I hope uthat you already have thought
about this issu!<br>
<br>
Kind Regards<br>
Jan-Eric<br>
<br>
-----Ursprungligt meddelande-----<br>
Från: Qgis-user <<a
href="mailto:qgis-user-bounces@lists.osgeo.org"
rel="noreferrer"
moz-do-not-send="true">qgis-user-bounces@lists.osgeo.org</a>>
För Hernán De Angelis<br>
Skickat: den 20 november 2019 11:10<br>
Till: qgis-user <<a
href="mailto:qgis-user@lists.osgeo.org"
rel="noreferrer"
moz-do-not-send="true">qgis-user@lists.osgeo.org</a>><br>
Ämne: [Qgis-user] Experiences using QGIS
+ PostgreSQL/PostGIS in a multiuser
environment?<br>
<br>
Hello QGIS:ers<br>
<br>
I am evaluating setting up a server
running PostgreSQL/PostGIS for use as
data sharing/collaborating environment
for spatial data. The user group may
consist of up to 15 people, mostly using
QGIS but one or two may use other
software (non OS). Data is almost
exclusively of vector type. The use is
within a single organization.<br>
<br>
I understand some people in this list
have experience with this kind of
environment and would appreciate if any
of you would share any useful
experience, challenges, thought or
things to watch out for. I understand
basic management routines are critical
(user management, user rights), as well
as a sound backup and update strategy. I
also understand that proper data
management procedures have to be in
place, like rules for table creation and
eventual deletion, attribute selection,
etc. But what else can go wrong with
this kind of setup if not managed
properly? <br>
Thoughts and experiences welcome!<br>
<br>
Best regards and thanks in advance<br>
<br>
Hernán<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Qgis-user mailing list<br>
<a
href="mailto:Qgis-user@lists.osgeo.org"
rel="noreferrer"
moz-do-not-send="true">Qgis-user@lists.osgeo.org</a><br>
List info: <a
href="https://lists.osgeo.org/mailman/listinfo/qgis-user"
target="_blank" rel="noopener
noreferrer" moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/qgis-user</a><br>
Unsubscribe: <a
href="https://lists.osgeo.org/mailman/listinfo/qgis-user"
target="_blank" rel="noopener
noreferrer" moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/qgis-user</a><br>
<br>
_______________________________________________<br>
Qgis-user mailing list<br>
<a
href="mailto:Qgis-user@lists.osgeo.org"
rel="noreferrer"
moz-do-not-send="true">Qgis-user@lists.osgeo.org</a><br>
List info: <a
href="https://lists.osgeo.org/mailman/listinfo/qgis-user"
target="_blank" rel="noopener
noreferrer" moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/qgis-user</a><br>
Unsubscribe: <a
href="https://lists.osgeo.org/mailman/listinfo/qgis-user"
target="_blank" rel="noopener
noreferrer" moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/qgis-user</a></blockquote>
</div>
</blockquote>
</div>
</div>
<br>
<div style="margin: 0px; padding: 0px;
font-family: monospace;">_______________________________________________<br>
Qgis-user mailing list<br>
<a href="mailto:Qgis-user@lists.osgeo.org"
rel="noreferrer" moz-do-not-send="true">Qgis-user@lists.osgeo.org</a><br>
List info: <a
href="https://lists.osgeo.org/mailman/listinfo/qgis-user"
target="_blank" rel="noopener noreferrer"
moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/qgis-user</a><br>
Unsubscribe: <a
href="https://lists.osgeo.org/mailman/listinfo/qgis-user"
target="_blank" rel="noopener noreferrer"
moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/qgis-user</a></div>
</blockquote>
<p><br>
</p>
</div>
_______________________________________________<br>
Qgis-user mailing list<br>
<a href="mailto:Qgis-user@lists.osgeo.org"
rel="noreferrer" moz-do-not-send="true">Qgis-user@lists.osgeo.org</a><br>
List info: <a
href="https://lists.osgeo.org/mailman/listinfo/qgis-user"
target="_blank" rel="noopener noreferrer"
moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/qgis-user</a><br>
Unsubscribe: <a
href="https://lists.osgeo.org/mailman/listinfo/qgis-user"
target="_blank" rel="noopener noreferrer"
moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/qgis-user</a></blockquote>
</div>
<br clear="all">
<br>
-- <br>
<div class="v1gmail_signature" dir="ltr">Alessandro
Pasotti<br>
w3: <a href="http://www.itopen.it" target="_blank"
rel="noopener noreferrer" moz-do-not-send="true">www.itopen.it</a></div>
</div>
</div>
</div>
</blockquote>
<p><br>
</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Qgis-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Qgis-user@lists.osgeo.org">Qgis-user@lists.osgeo.org</a>
List info: <a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/qgis-user">https://lists.osgeo.org/mailman/listinfo/qgis-user</a>
Unsubscribe: <a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/qgis-user">https://lists.osgeo.org/mailman/listinfo/qgis-user</a></pre>
</blockquote>
<div class="moz-signature">-- <br>
<title>Email Signature</title>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<table style="width: 525px; font-size: 11pt; font-family: Arial,
sans-serif;" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td style="text-align:center; font-size: 10pt; font-family:
Arial, sans-serif; border-right: 1px solid;
border-right-color: #fb6303; width: 125px; padding-right:
10px; vertical-align: top;" rowspan="6" width="125"
valign="top"> <a href="https://www.geomaster.pt"
target="_blank"><img alt="Logo" style="width:105px;
height:auto; border:0;"
src="https://geomaster.pt/wp-content/uploads/2017/02/cropped-geomaster300x300-1.png"
width="85" border="0"></a> </td>
<td style="padding-left:10px">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td style="font-size: 10pt; color:#0079ac;
font-family: Arial, sans-serif; width: 400px;
padding-bottom: 5px; padding-left: 10px;
vertical-align: top;" valign="top"> <strong><span
style="font-size: 14pt; font-family: Arial,
sans-serif; color:#fb6303;">Geomaster</span></strong><br>
<strong><span style="font-size: 11pt; font-family:
Arial, sans-serif; color:black;">Jorge Gustavo
Rocha</span></strong> <span
style="font-family: Arial, sans-serif;
font-size:11pt; color:#000000;"><span
style="padding-right: 5px; padding-left: 5px;">
| </span>Software Engineer</span> </td>
</tr>
<tr>
<td style="font-size: 10pt; color:#444444;
font-family: Arial, sans-serif; padding-bottom:
5px; padding-top: 5px; padding-left: 10px;
vertical-align: top; line-height:17px;"
valign="top"> <span><span style="color: #fb6303;"><strong>e:</strong></span><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color:#000000;"> <a class="moz-txt-link-abbreviated" href="mailto:jgr@geomaster.pt">jgr@geomaster.pt</a></span></span>
<span><span style="padding-left:
5px;padding-right: 5px;"> | </span><span
style="color: #fb6303;"><strong>m:</strong></span><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color:#000000;"> +351 910 333 888<br>
</span></span> <span><span style="color:
#fb6303;"><strong>g:</strong></span><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color:#000000;"> 41.54094,-8.40490</span></span>
<span><span style="padding-left:
7px;padding-right: 5px;"> | </span><span
style="color: #fb6303;"><strong>v: </strong></span><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color:#000000; padding-left: 7px;">
510 906 109<br>
</span></span> <span> <span style="color:
#fb6303;"><strong>a: </strong></span> </span>
<span> <span style="font-size: 10pt; font-family:
Arial, sans-serif; color: #000000;"><span> </span>Rua
António Cândido Pinto, 67, 4715-400 Braga<br>
</span></span> </td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>