[QGIS-Developer] QGIS-Developer Digest, Vol 165, Issue 24

Stefan Steiger Steiger at cor-management.ch
Fri Jul 12 00:06:47 PDT 2019


A cynical joke :)

I think you are talking about something like this ? 
https://gis.stackexchange.com/questions/277677/qgis-problem-with-postgresql-postgis-column-permissions 

Correct working depends on the SQL-statements issued by QGIS. 
If it updates values in columns where no value changed, it requires GRANT-UPDATE rights to this columns. 

This is more of a SQL-generation problem than a permission issue. 
It shouldn't issue updates on values that didn't change, but it does. 

And if you update values where you don't have update rights, that generates an SQL error. 

Besides, how are column-level permissions supposed to work ? 
What happens if you load a value from a column where you don't have permission, and then save/update back the fields of a record where you have permissions. 
The result is potential data garbage.  
The entire idea of partial data loading AND THEN BEING ABLE TO SAVE the loaded data (or parts thereof) back is a somewhat fishy concept. 
Either you can alter an entire record, or you cannot. 

At this point it would be worth pointing out that seeing a subset of available records (e.g. via portfolio rights) presents similar issues. 
Are different users going to see different results when they sum areas, for example ? 
Are they going to do some financial calculation with the result ? 
Who sets the permissions, and how do you guarantee permissions are set properly ? 
Are any unfortunate combination of permissions gonna crash the system ? Gonna cause malfunctions ? 
Query performance - is it going to grind the system to a halt ? 

If anybody is going to implement any kind of permissions, you need to think about ALL the consequences first, and also whether or not that makes sense in the first place, especially considering the computational complexity this adds to your program.  And then you need to decide if that added value is worth the costs it incurs, especially including opportunity costs. 



-----Ursprüngliche Nachricht-----
Von: Giovanni Manghi [mailto:giovanni.manghi at gmail.com] 
Gesendet: Donnerstag, 11. Juli 2019 17:20
An: Stefan Steiger <Steiger at cor-management.ch>
Cc: qgis-developer at lists.osgeo.org
Betreff: Re: [QGIS-Developer] QGIS-Developer Digest, Vol 165, Issue 24

> @giovanni:
> It works if you're SuperUser :p

oh really?! column level permissions works only if the user is superuser? is that a feature or bug? of qgis or postgresql? :)

cheers!

-- G --


More information about the QGIS-Developer mailing list