Hi everyone,
For an urban tree risk assessment project, I want to configure a QField Cloud system that allows two teams, with different but complementary responsibilities, to coordinate. To make it simple, let’s consider two groups of users and a single table. Users of the first team will be in charge of creating and editing new features in a layer, whereas the second team members will just have to check the features created by the others.
PostgreSQL allows creating different users, each one with his own authentication credentials, and roles, and designating users as members of roles. And then, it is possible to assign privileges over a particular table to a particular role.
This is the Grant Wizard of pgAdmin 4, from where the database owner can assign privileges on a table to users individually or users grouped in roles.
On QGIS, when connecting to the PostGIS data source with his/her credentials, each user will get the permissions over the layers that are associated with his/her user in the database. If he is team 1, he will be able to do all CRUD operations on features; if she is team 2, she will just be able to select the layer features.
QField Cloud allows the collaboration of several members on a project, and assigning roles to these collaborators. But these QField Cloud roles differ from PostgreSQL roles in that they determine a set of permissions, among them edition, insertion, or reading, that are applied to the whole set of database tables, instead of to some in particular and not others. I need something more fine-grained, as some project collaborators will be team 1 members and others team 2 members.
But, unlike QGIS, it seems not possible to leverage PostgreSQL role permission control when working with QField Cloud as the database client, since there’s just one project for all users and one database connection for them all.
I’ve seen that it is possible to create many pg_service.conf configuration files, which contain the PostGIS database connection string, and that gives me some hope that what I intend can be done, but I don’t have a hint on how to associate a project collaborator with a specific pg_service.conf.
This makes me believe that it is somehow possible to automatically log in to the PostGIS database using one or another secret, depending on the collaborator that logs in to the QField Cloud project.
Please, tell me if there’s a way to achieve what I need or ask for clarification in case I haven’t put it clearly.
Imported from GitHub discussion by @OctaviSerra on 2022-09-14T15:07:32Z
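The PostgreSQL side of the two-team setup described in the post, as an added example that is not part of the original discussion: group roles hold the table privileges and individual login roles inherit them. The schema, table, role and user names are all constructed for illustration, and the script does not address how QField Cloud chooses a database connection.

```sql
-- Constructed names: schema "trees", table "tree_assessment",
-- group roles team1_editors / team2_reviewers, login roles alice / bob.
BEGIN;

CREATE SCHEMA trees;
CREATE TABLE trees.tree_assessment (
    id      bigserial PRIMARY KEY,
    species text,
    risk    text,
    notes   text   -- geometry column left out so the script runs without PostGIS
);

-- Group roles carry the privileges and cannot log in themselves.
CREATE ROLE team1_editors   NOLOGIN;
CREATE ROLE team2_reviewers NOLOGIN;

-- Login roles are the individual users. Passwords are set separately
-- (for example with \password in psql) so no secret lives in this script.
CREATE ROLE alice LOGIN IN ROLE team1_editors;
CREATE ROLE bob   LOGIN IN ROLE team2_reviewers;

-- Start from nothing, then grant only what each team needs.
REVOKE ALL ON SCHEMA trees FROM PUBLIC;
REVOKE ALL ON trees.tree_assessment FROM PUBLIC;
GRANT USAGE ON SCHEMA trees TO team1_editors, team2_reviewers;

-- Team 1: full CRUD on the table.
GRANT SELECT, INSERT, UPDATE, DELETE ON trees.tree_assessment TO team1_editors;
-- INSERT also needs the sequence behind the bigserial column.
GRANT USAGE ON SEQUENCE trees.tree_assessment_id_seq TO team1_editors;

-- Team 2: read-only.
GRANT SELECT ON trees.tree_assessment TO team2_reviewers;

-- Check the effective (inherited) privileges of each login role.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'trees.tree_assessment', 'SELECT') AS can_select,
       has_table_privilege(r.rolname, 'trees.tree_assessment', 'INSERT') AS can_insert,
       has_table_privilege(r.rolname, 'trees.tree_assessment', 'UPDATE') AS can_update,
       has_table_privilege(r.rolname, 'trees.tree_assessment', 'DELETE') AS can_delete
FROM pg_roles r
WHERE r.rolname IN ('alice', 'bob')
ORDER BY r.rolname;

ROLLBACK;  -- dry run; replace with COMMIT to keep the roles and grants
```

These grants only take effect per user when each collaborator connects with their own login role; a single shared connection gives every collaborator the privileges of that one role.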