[Qgis-user] User setup for PostGres/PostGis use with QGIS
Michael Dufty
MDufty at mbsenvironmental.com.au
Sun Apr 26 00:25:52 PDT 2020
Good point on the security, so far we’ve been relying on the server only being accessible from our network, but would be good to be able to open that up.
Other than that would simultaneous uses of the same account be likely to cause issues.
Michael Dufty
From: Qgis-user <qgis-user-bounces at lists.osgeo.org> On Behalf Of Jeff Hubbs
Sent: Sunday, 26 April 2020 1:45 AM
To: qgis-user at lists.osgeo.org
Subject: Re: [Qgis-user] User setup for PostGres/PostGis use with QGIS
Agree, strongly. Even better to have an independent authentication system (e.g. LDAP) that everything uses but at minimum, separate PostgreSQL accounts for everybody is highly recommended.
On 4/25/20 11:39 AM, Jo wrote:
From a security perspective you definitely want to create a distinct user account for each user. What if a user leaves your organisation? Will you update the password and have to communicate it to everyone before they can do further work? That's more cumbersome than doing it right from the start.
After a while you may also discover that some users will need different rights.
Jo
On Sat, Apr 25, 2020 at 12:23 PM Michael Dufty <MDufty at mbsenvironmental.com.au<mailto:MDufty at mbsenvironmental.com.au>> wrote:
I’m looking at setting up a postGIS server for use to store mapping files to use with QGIS.
We have about a dozen users who will all need to be able to edit layers and save new layers to the server, and any new layers they create need to be editable by other users.
Can anyone advise if having everyone use the same user account would be a good idea? Since everyone will have the same privileges this would seem to simplify setup. Often there will be different people editing the same QGIS project at different times, and I think it would help with that, although it looks like we would need to use the same id for the authentication on every computer if we don’t want password prompts all the time. I’m just concerned this may cause issues with the server if the same user account is accessing the database from different locations at the same time.
As I understand it the alternative would be to create a role that all accounts are members of, and alter the default privileges for each account so the role gets access to any new tables created, which would be a bit of a pain to set up for lots of accounts, but probably OK.
I have struggled with this in the past, and the consultant who set up a similar server for us in the past to use with Manifold gave up on getting permissions to work and just made every account a superuser. This doesn’t seem ideal, but hasn’t caused any issues in over 10 years.
Michael Dufty
_______________________________________________
Qgis-user mailing list
Qgis-user at lists.osgeo.org<mailto:Qgis-user at lists.osgeo.org>
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
_______________________________________________
Qgis-user mailing list
Qgis-user at lists.osgeo.org<mailto:Qgis-user at lists.osgeo.org>
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-user/attachments/20200426/6e805bcb/attachment.html>
More information about the Qgis-user
mailing list