Tested this solution and it works perfectly. When using the same ID in the authentication settings, the projects saved to the DB do not retain the creator's per-layer permissions.
Thanks for the help! Cliff On Mon, Jun 1, 2020 at 11:19 AM Cliff Patterson <cpatter...@psdrcs.com> wrote: > Hi Karl and Alessandro, > > This is helpful but DEFINITELY not intuitive. I will test this > configuration and report back. > > Cheers, > Cliff > > On Mon, Jun 1, 2020 at 9:51 AM Karl Magnus Jönsson < > karl-magnus.jons...@kristianstad.se> wrote: > >> Hi! >> >> Alessandro, you where quicker! J >> >> >> >> If I understand correct, the actual credentials isn’t stored to the >> project. Just the auth config ID. If the user doesn’t have this in his >> local authentication database, or has it with other credentials(read) the >> project will not open with admin credentials. >> >> >> >> *Karl-Magnus Jönsson* >> >> >> >> *Från:* Qgis-user <qgis-user-boun...@lists.osgeo.org> *För *Cliff >> Patterson >> *Skickat:* den 1 juni 2020 15:36 >> *Till:* Alessandro Pasotti <apaso...@gmail.com> >> *Kopia:* qgis-user <qgis-user@lists.osgeo.org> >> *Ämne:* Re: [Qgis-user] Save projects to DB without creator's permissions >> >> >> >> That's exactly the problem with the auth system. If you connect to a DB >> using the auth system and store a map in the DB (or anywhere for that >> matter), the map contains your credentials/permissions for EVERY layer that >> you added. So if you create a map while logged in as DB owner (i.e. full >> perms for every layer), any user who opens it will have full permissions on >> every layer in the map. The only workaround for this is to remember to use >> basic auth and uncheck "store" beside password whenever creating a shared >> project. >> >> >> >> Any other less vulnerable workarounds would be very helpful, though I >> doubt any exist. >> >> >> >> Cliff >> >> >> >> On Fri, May 29, 2020 at 3:03 PM Alessandro Pasotti <apaso...@gmail.com> >> wrote: >> >> Maybe all that you need is in the QHIS auth system is >> https://docs.qgis.org/3.10/en/docs/user_manual/auth_system/auth_workflows.html#changing-authentication-config-id >> >> >> >> The master password can be stored in the operating system wallet so that >> the user will not need to type his password. >> >> >> >> Regards >> >> >> >> >> >> On Fri, May 29, 2020, 19:39 Cliff Patterson <cpatter...@psdrcs.com> >> wrote: >> >> PS: I realize I can create maps with basic auth and not store the PW, >> which prompts the user to enter their creds. But is there a better way now >> to achieve the same result? >> >> >> >> Cliff >> >> >> >> On Fri, May 29, 2020 at 1:29 PM Cliff Patterson <cpatter...@psdrcs.com> >> wrote: >> >> What is the best approach to save QGIS projects to PostgreSQL >> without saving the project-creator's credentials/permissions? If the DB >> admin creates a project and saves it to the DB, anyone opening that project >> will attain the admin's permissions on layers in that map. >> >> >> >> To recreate: >> >> >> >> 1) Create a map containing PostGIS layers and save project to DB. All >> layers should be editable by the admin. Admin is logged into DB with auth >> config, not basic auth. >> >> 2) Create a new read-only user and new profile in QGIS and log in to DB. >> >> 3) Open the project and try to edit layers. Read-only user will be able >> to see and edit all layers just like the DB Admin. >> >> >> >> Is there a way to save projects to DB WITHOUT saving any user >> creds/permissions? >> >> >> >> Cliff >> >> >> >> -- >> >> Cliff Patterson Ph.D. >> >> *PSD* | Senior GIS Consultant >> P: 519-690-2565 ext. 2616 >> www.psdrcs.com >> London | 148 Fullarton St. 9th Floor >> >> >> >> >> -- >> >> Cliff Patterson Ph.D. >> >> *PSD* | Senior GIS Consultant >> P: 519-690-2565 ext. 2616 >> www.psdrcs.com >> London | 148 Fullarton St. 9th Floor >> >> _______________________________________________ >> Qgis-user mailing list >> Qgis-user@lists.osgeo.org >> List info: https://lists.osgeo.org/mailman/listinfo/qgis-user >> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user >> >> >> >> >> -- >> >> Cliff Patterson Ph.D. >> >> *PSD* | Senior GIS Consultant >> P: 519-690-2565 ext. 2616 >> www.psdrcs.com >> London | 148 Fullarton St. 9th Floor >> >> > > -- > > Cliff Patterson Ph.D. > > *PSD* | Senior GIS Consultant > P: 519-690-2565 ext. 2616 > www.psdrcs.com > London | 148 Fullarton St. 9th Floor > > -- Cliff Patterson Ph.D. *PSD* | Senior GIS Consultant P: 519-690-2565 ext. 2616 www.psdrcs.com London | 148 Fullarton St. 9th Floor
_______________________________________________ Qgis-user mailing list Qgis-user@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user