Glad to hear that it worked! If you feel like the documentation should include an example, feel free to add some more content to the https://docs.qgis.org/testing/en/docs/user_manual/auth_system/auth_workflows.html
There is also a section on organizations that might be relevant for this kind of information. https://docs.qgis.org/testing/en/docs/user_manual/introduction/qgis_configuration.html#deploying-qgis-within-an-organization On Mon, Jun 1, 2020 at 5:29 PM Cliff Patterson <cpatter...@psdrcs.com> wrote: > Tested this solution and it works perfectly. When using the same ID in the > authentication settings, the projects saved to the DB do not retain the > creator's per-layer permissions. > > Thanks for the help! > > Cliff > > On Mon, Jun 1, 2020 at 11:19 AM Cliff Patterson <cpatter...@psdrcs.com> > wrote: > >> Hi Karl and Alessandro, >> >> This is helpful but DEFINITELY not intuitive. I will test this >> configuration and report back. >> >> Cheers, >> Cliff >> >> On Mon, Jun 1, 2020 at 9:51 AM Karl Magnus Jönsson < >> karl-magnus.jons...@kristianstad.se> wrote: >> >>> Hi! >>> >>> Alessandro, you where quicker! J >>> >>> >>> >>> If I understand correct, the actual credentials isn’t stored to the >>> project. Just the auth config ID. If the user doesn’t have this in his >>> local authentication database, or has it with other credentials(read) the >>> project will not open with admin credentials. >>> >>> >>> >>> *Karl-Magnus Jönsson* >>> >>> >>> >>> *Från:* Qgis-user <qgis-user-boun...@lists.osgeo.org> *För *Cliff >>> Patterson >>> *Skickat:* den 1 juni 2020 15:36 >>> *Till:* Alessandro Pasotti <apaso...@gmail.com> >>> *Kopia:* qgis-user <qgis-user@lists.osgeo.org> >>> *Ämne:* Re: [Qgis-user] Save projects to DB without creator's >>> permissions >>> >>> >>> >>> That's exactly the problem with the auth system. If you connect to a DB >>> using the auth system and store a map in the DB (or anywhere for that >>> matter), the map contains your credentials/permissions for EVERY layer that >>> you added. So if you create a map while logged in as DB owner (i.e. full >>> perms for every layer), any user who opens it will have full permissions on >>> every layer in the map. The only workaround for this is to remember to use >>> basic auth and uncheck "store" beside password whenever creating a shared >>> project. >>> >>> >>> >>> Any other less vulnerable workarounds would be very helpful, though I >>> doubt any exist. >>> >>> >>> >>> Cliff >>> >>> >>> >>> On Fri, May 29, 2020 at 3:03 PM Alessandro Pasotti <apaso...@gmail.com> >>> wrote: >>> >>> Maybe all that you need is in the QHIS auth system is >>> https://docs.qgis.org/3.10/en/docs/user_manual/auth_system/auth_workflows.html#changing-authentication-config-id >>> >>> >>> >>> The master password can be stored in the operating system wallet so that >>> the user will not need to type his password. >>> >>> >>> >>> Regards >>> >>> >>> >>> >>> >>> On Fri, May 29, 2020, 19:39 Cliff Patterson <cpatter...@psdrcs.com> >>> wrote: >>> >>> PS: I realize I can create maps with basic auth and not store the PW, >>> which prompts the user to enter their creds. But is there a better way now >>> to achieve the same result? >>> >>> >>> >>> Cliff >>> >>> >>> >>> On Fri, May 29, 2020 at 1:29 PM Cliff Patterson <cpatter...@psdrcs.com> >>> wrote: >>> >>> What is the best approach to save QGIS projects to PostgreSQL >>> without saving the project-creator's credentials/permissions? If the DB >>> admin creates a project and saves it to the DB, anyone opening that project >>> will attain the admin's permissions on layers in that map. >>> >>> >>> >>> To recreate: >>> >>> >>> >>> 1) Create a map containing PostGIS layers and save project to DB. All >>> layers should be editable by the admin. Admin is logged into DB with auth >>> config, not basic auth. >>> >>> 2) Create a new read-only user and new profile in QGIS and log in to DB. >>> >>> 3) Open the project and try to edit layers. Read-only user will be able >>> to see and edit all layers just like the DB Admin. >>> >>> >>> >>> Is there a way to save projects to DB WITHOUT saving any user >>> creds/permissions? >>> >>> >>> >>> Cliff >>> >>> >>> >>> -- >>> >>> Cliff Patterson Ph.D. >>> >>> *PSD* | Senior GIS Consultant >>> P: 519-690-2565 ext. 2616 >>> www.psdrcs.com >>> London | 148 Fullarton St. 9th Floor >>> >>> >>> >>> >>> -- >>> >>> Cliff Patterson Ph.D. >>> >>> *PSD* | Senior GIS Consultant >>> P: 519-690-2565 ext. 2616 >>> www.psdrcs.com >>> London | 148 Fullarton St. 9th Floor >>> >>> _______________________________________________ >>> Qgis-user mailing list >>> Qgis-user@lists.osgeo.org >>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-user >>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user >>> >>> >>> >>> >>> -- >>> >>> Cliff Patterson Ph.D. >>> >>> *PSD* | Senior GIS Consultant >>> P: 519-690-2565 ext. 2616 >>> www.psdrcs.com >>> London | 148 Fullarton St. 9th Floor >>> >>> >> >> -- >> >> Cliff Patterson Ph.D. >> >> *PSD* | Senior GIS Consultant >> P: 519-690-2565 ext. 2616 >> www.psdrcs.com >> London | 148 Fullarton St. 9th Floor >> >> > > -- > > Cliff Patterson Ph.D. > > *PSD* | Senior GIS Consultant > P: 519-690-2565 ext. 2616 > www.psdrcs.com > London | 148 Fullarton St. 9th Floor > > -- Alessandro Pasotti QCooperative: www.qcooperative.net ItOpen: www.itopen.it
_______________________________________________ Qgis-user mailing list Qgis-user@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user