[Qgis-developer] Qgis access control question
Barry Rowlingson
b.rowlingson at lancaster.ac.uk
Thu Mar 17 08:32:09 EDT 2011
On Wed, Mar 16, 2011 at 11:19 PM, Mayeul Kauffmann
<mayeul.kauffmann at free.fr> wrote:
> Hi David,
> Barry is right and his answer is much better than what you could get
> with any client connecting to the data.
> You can define read-only access for some users and write access to other
> users both at the database level and at the shared disk level. All the
> examples you gave (below) are normally managed this way. This is the
> only safe way to do it: if you create a new client software managing
> access restriction, you may always face users using other clients to
> workaround those restrictions. On the contrary, whatever the client you
> use, nobody will break a well designed database or shared disk security.
> The only part of the access restrictions that a client as QGIS should
> take care of is to ask users to provide a correct username/password, and
> this is implemented.
The thing you might want to do with Qgis (and this might be what
you're getting at) is to build a simplified interface so users can
only see the things they need to see. It might not stop them running
Qgis-proper and seeing everything, but access controls should always
be implemented at the server or system level. Qgis is a great platform
for building simplified GIS applications (such as data collection
applications where all you want is for someone to click on a map and
add some text/graphics and not have a cluttered UI with hundreds of
other bits n bobs).
Case in point. Our central IT guys developed a complex database
system for managing all the users over the entire campus. Departmental
IT reps were given access to manage the users in their department. But
the access was checked by the fancy front-end database client they
built. But I could just connect to the database using either a command
line tool or something like MS Access and do what the heck I liked
with all the tables. I didn't, of course, but this kind of security
fail is a possibility...
So, control access and permissions on the system/server, improve
usability in the client.
Barry
More information about the Qgis-developer
mailing list