[Qgis-user] User setup for PostGres/PostGis use with QGIS

Alessandro Pasotti apasotti at gmail.com
Sun Apr 26 06:42:20 PDT 2020


Note that there is a little trick that might make things easier:
suppose you want to share a QGS project within an organization. By
using the QGIS authentication database you can create an
authentication configuration with a known ID (the usually automatic 7
character ID) and share the project within your organization using
that authentication configuration to access the server. To load the
project (and to connect to the server), all that a user would need to
do is to create an authentication configuration with the same ID (but
with his/her own credentials).

We happily tested it with PKI user certificates on a postgis backend.


On Sun, Apr 26, 2020 at 9:26 AM Michael Dufty
<MDufty at mbsenvironmental.com.au> wrote:
>
> Good point on the security, so far we’ve been relying on the server only being accessible from our network, but would be good to be able to open that up.
>
> Other than that, would simultaneous uses of the same account be likely to cause issues?
>
>
>
> Michael Dufty
>
>
>
> From: Qgis-user <qgis-user-bounces at lists.osgeo.org> On Behalf Of Jeff Hubbs
> Sent: Sunday, 26 April 2020 1:45 AM
> To: qgis-user at lists.osgeo.org
> Subject: Re: [Qgis-user] User setup for PostGres/PostGis use with QGIS
>
>
>
> Agree, strongly. Even better to have an independent authentication system (e.g. LDAP) that everything uses but at minimum, separate PostgreSQL accounts for everybody is highly recommended.
>
>
>
> On 4/25/20 11:39 AM, Jo wrote:
>
> From a security perspective you definitely want to create a distinct user account for each user. What if a user leaves your organisation? Will you update the password and have to communicate it to everyone before they can do further work? That's more cumbersome than doing it right from the start.
>
>
>
> After a while you may also discover that some users will need different rights.
>
>
>
> Jo
>
>
>
> On Sat, Apr 25, 2020 at 12:23 PM Michael Dufty <MDufty at mbsenvironmental.com.au> wrote:
>
> I’m looking at setting up a postGIS server for use to store mapping files to use with QGIS.
>
> We have about a dozen users who will all need to be able to edit layers and save new layers to the server, and any new layers they create need to be editable by other users.
>
>
>
> Can anyone advise if having everyone use the same user account would be a good idea?  Since everyone will have the same privileges this would seem to simplify setup.  Often there will be different people editing the same QGIS project at different times, and I think it would help with that, although it looks like we would need to use the same id for the authentication on every computer if we don’t want password prompts all the time.  I’m just concerned this may cause issues with the server if the same user account is accessing the database from different locations at the same time.
>
>
>
> As I understand it the alternative would be to create a role that all accounts are members of, and alter the default privileges for each account so the role gets access to any new tables created, which would be a bit of a pain to set up for lots of accounts, but probably OK.
>
>
>
> I have struggled with this in the past, and the consultant who set up a similar server for us in the past to use with Manifold gave up on getting permissions to work and just made every account a superuser.  This doesn’t seem ideal, but hasn’t caused any issues in over 10 years.
>
>
>
>
>
> Michael Dufty
>
>
>
> _______________________________________________
> Qgis-user mailing list
> Qgis-user at lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user



-- 
Alessandro Pasotti
w3:   www.itopen.it
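
The group-role setup described in the original question quoted above (one account per user, a shared role, and default privileges so new tables are editable by everyone), sketched as an added example that is not part of any poster's message. The schema `gis`, the role `gis_editors` and the login names are constructed placeholders; run it as a superuser and set passwords or certificate mappings separately.

```sql
-- Constructed names: schema "gis", group role "gis_editors", logins alice/bob/carol.
CREATE SCHEMA IF NOT EXISTS gis;

-- Group role: holds the privileges, cannot log in itself.
CREATE ROLE gis_editors NOLOGIN;
GRANT USAGE, CREATE ON SCHEMA gis TO gis_editors;

-- Cover tables and sequences that already exist in the schema.
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA gis TO gis_editors;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA gis TO gis_editors;

-- One login role per person. Default privileges are stored per creating role,
-- so the ALTER DEFAULT PRIVILEGES statements are repeated for each account;
-- the loop removes the per-account typing.
DO $$
DECLARE
    u text;
BEGIN
    FOREACH u IN ARRAY ARRAY['alice', 'bob', 'carol']  -- constructed logins
    LOOP
        -- %I quotes the name as an identifier.
        EXECUTE format('CREATE ROLE %I LOGIN IN ROLE gis_editors', u);

        -- Tables this user creates in "gis" become editable by the group.
        EXECUTE format(
            'ALTER DEFAULT PRIVILEGES FOR ROLE %I IN SCHEMA gis ' ||
            'GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO gis_editors', u);

        -- Serial/identity columns need sequence access for inserts.
        EXECUTE format(
            'ALTER DEFAULT PRIVILEGES FOR ROLE %I IN SCHEMA gis ' ||
            'GRANT USAGE, SELECT ON SEQUENCES TO gis_editors', u);
    END LOOP;
END
$$;

-- Offboarding a user touches only that account, not a shared password:
-- ALTER ROLE alice NOLOGIN;
```

These grants cover editing rows; changing a table's structure or dropping it still requires being the table's owner, and no account needs superuser for any of it.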

