[Qgis-user] Experiences using QGIS + PostgreSQL/PostGIS in a multiuser environment?

Jorge Gustavo Rocha jgr at geomaster.pt
Wed Nov 20 08:18:17 PST 2019


Hi,

This thread becoming is quite interesting :-) Let me share my experience
regarding authentication.

I'm using PG_SERVICES and LDAP authentication on Postgresql. No
credentials are saved into the projects, so everyone opens shared
projects with their own credentials.

I'm also storing styles and projects on the database. It is easy to
share among several users.

All users have configured QGIS to use the same shared network folder for
SVG, layout images and custom fonts.

This same folder is also available on the QGIS Server (to provide all
styles with the SVGs, images and fonts used by QGIS Desktop).

Regards,

Jorge Gustavo


On 20/11/19 13:15, Andreas Neumann wrote:
>
> Hi Luigi and Alessandro,
>
> thanks for the clarifications.
>
> Quick other question: is it correct that the id MUST be exactly 7
> characters Less than or more than 7 characters won't work? At least on
> my system saving the config is deactivated if it is less than 7 chars.
>
> Thanks,
>
> Andreas
>
> On 2019-11-20 13:46, Alessandro Pasotti wrote:
>
>>  
>>
>> On Wed, Nov 20, 2019 at 1:24 PM Andreas Neumann <a.neumann at carto.net
>> <mailto:a.neumann at carto.net>> wrote:
>>
>>     Hi,
>>
>>     I wonder what is best practice to handle auth configs across
>>     several users for sharing of projects?
>>
>>     Should we ask users to create the same auth-config ids/names to
>>     make projects interoperable, where each users would have
>>     different credentials, but share the auth-config id that is
>>     stored in the QGIS project file?
>>
>>     Is this how we should do it? Otherwise users would end up with
>>     different auth-ids and then can't open QGIS files from their
>>     colleagues without a hassle ...
>>
>>     Or are there better/alternative approaches?
>>
>>  
>> One of the best ways we've used so far was to pre-define at the
>> organization level a small set of authids, you are limited to 7 chars
>> but that's not a big issue.
>>  
>> So, when creating project you will use one of the pre-defined auth
>> ids, of course every user will have to use his own local QGIS auth DB
>> (this is all handled transparently by the QGIS auth system) where he
>> stores his own credentials.
>>  
>> If you share your project within your organization, as long as the
>> user who receives the project has his credentials already sets for
>> the given auth ids access will be granted automatically, if not he
>> will be prompted to enter credentials and if he stores them in the
>> QGIS auth local DB this will be required only for the first time.
>>  
>> This system gives the sysadmins full flexibility: individual
>> credentials can be revoked/granted, no need to share any auth DB in
>> any case.
>>  
>> Hope this helps.
>>  
>>
>>     Andreas
>>
>>     On 2019-11-20 13:14, Hernán De Angelis wrote:
>>
>>         Interesting point, Luigi. Thank you!
>>
>>         Hernán
>>
>>
>>         On 2019-11-20 12:58, Luigi Pirelli wrote:
>>
>>             this is not an issue, Postgres support many auth systems
>>             most of them paired with the authentication system
>>             implemented in QGIS. Other problem is how to share
>>             (auth.db) credentials or security setting among different
>>             users.
>>              
>>             Luigi Pirelli
>>
>>             **************************************************************************************************
>>             * LinkedIn: https://www.linkedin.com/in/luigipirelli
>>             * Stackexchange:
>>             http://gis.stackexchange.com/users/19667/luigi-pirelli
>>             * GitHub: https://github.com/luipir
>>             * Book: Mastering QGIS3 - 3rd Edition
>>             <https://www.packtpub.com/eu/application-development/mastering-geospatial-development-qgis-3x-third-edition>
>>             * Hire a team: http://www.qcooperative.net
>>             **************************************************************************************************
>>
>>             On Wed, 20 Nov 2019 at 11:53, Jan-Eric Oskarsson
>>             <jan-eric at kregis.se <mailto:jan-eric at kregis.se>> wrote:
>>>             Hi Hernán!
>>>             Maybe this comment is redundant but you have to set up a
>>>             strong security to prevent hackers to hack your database
>>>             and steal your data and cause damage.
>>>             I hope uthat you already have thought about this issu!
>>>
>>>             Kind Regards
>>>             Jan-Eric
>>>
>>>             -----Ursprungligt meddelande-----
>>>             Från: Qgis-user <qgis-user-bounces at lists.osgeo.org
>>>             <mailto:qgis-user-bounces at lists.osgeo.org>> För Hernán
>>>             De Angelis
>>>             Skickat: den 20 november 2019 11:10
>>>             Till: qgis-user <qgis-user at lists.osgeo.org
>>>             <mailto:qgis-user at lists.osgeo.org>>
>>>             Ämne: [Qgis-user] Experiences using QGIS +
>>>             PostgreSQL/PostGIS in a multiuser environment?
>>>
>>>             Hello QGIS:ers
>>>
>>>             I am evaluating setting up a server running
>>>             PostgreSQL/PostGIS for use as data sharing/collaborating
>>>             environment for spatial data. The user group may consist
>>>             of up to 15 people, mostly using QGIS but one or two may
>>>             use other software (non OS). Data is almost exclusively
>>>             of vector type. The use is within a single organization.
>>>
>>>             I understand some people in this list have experience
>>>             with this kind of environment and would appreciate if
>>>             any of you would share any useful experience,
>>>             challenges, thought or things to watch out for. I
>>>             understand basic management routines are critical (user
>>>             management, user rights), as well as a sound backup and
>>>             update strategy. I also understand that proper data
>>>             management procedures have to be in place, like rules
>>>             for table creation and eventual deletion, attribute
>>>             selection, etc. But what else can go wrong with this
>>>             kind of setup if not managed properly?
>>>             Thoughts and experiences welcome!
>>>
>>>             Best regards and thanks in advance
>>>
>>>             Hernán
>>>
>>>
>>>
>>>
>>>
>>>             _______________________________________________
>>>             Qgis-user mailing list
>>>             Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>>>             List info:
>>>             https://lists.osgeo.org/mailman/listinfo/qgis-user
>>>             Unsubscribe:
>>>             https://lists.osgeo.org/mailman/listinfo/qgis-user
>>>
>>>             _______________________________________________
>>>             Qgis-user mailing list
>>>             Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>>>             List info:
>>>             https://lists.osgeo.org/mailman/listinfo/qgis-user
>>>             Unsubscribe:
>>>             https://lists.osgeo.org/mailman/listinfo/qgis-user
>>
>>
>>         _______________________________________________
>>         Qgis-user mailing list
>>         Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>>         List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
>>         Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
>>
>>
>>     _______________________________________________
>>     Qgis-user mailing list
>>     Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>>     List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
>>     Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
>>
>>
>>
>> -- 
>> Alessandro Pasotti
>> w3:   www.itopen.it <http://www.itopen.it>
>
>
>
> _______________________________________________
> Qgis-user mailing list
> Qgis-user at lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
-- 
Email Signature
Logo <https://www.geomaster.pt> 	
*Geomaster*
*Jorge Gustavo Rocha* | Software Engineer
*e:*jgr at geomaster.pt | *m:*+351 910 333 888
*g:*41.54094,-8.40490 | *v: *510 906 109
*a: * Rua António Cândido Pinto, 67, 4715-400 Braga

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-user/attachments/20191120/145a82d8/attachment-0001.html>


More information about the Qgis-user mailing list