Databases
Use remote database applications like QField
Overview
Some applications directly read from a database without an intermediate API layer. An example is QField, a GIS application for mobile devices, directly reaching a Postgresql database.
For applications that use a text-based template file as their method of finding the database (e.g. XML, .ini, etc.) fetched over a network, this feature will enrich/modify the template file in real time with an appropriate credential for the user, allowing direct access to the database without an open firewall.
There are two components to the usage:
- (Admin) setup the template
- (End-user) use Profile to download a custom-version of the template for each user, opening in their application
End-users will see a seamless experience on their device: their application will appear as if on the LAN with the database.
Administrators will see a secure experience for the end-user: multi-factor, per-user credentials, no database credentials shared externally.
Admistrative Setup
High Level Steps:
- Create ‘Database’ resource
- Modify your connection file / template
- Create a ‘Template’ with the modified file
Create Database Resource
At this stage, the database resource is ready. You are prompted for a set of common actions (assign permissions, create a template). No one (including you the admin) will be able to use it without permissions assigned.
The options include:
- Create a template. We will do this below in another step, but you may feel free to do it here
- Add to one or more resource groups. You will commonly have multiple resources that behave as a single entity (e.g. a web application + database combination)
- Assign permissions: give a single user, or a group of users the ability to use this Database from Profile (e.g. on their device)
- Assign (access) policies such as specific multi-factor or geographical restrictions
Modify Existing Template
These instructions will vary on a per application basis. Essentially, you have 3 fields somewhere in the connection/template file you need to modify. These are:
- ${user.email} — replace the built-in user (which is usually the database username) with this string
- ${api_key} — replace the built-in password with this string
- ${resource.uri.domain} — replace the built-in hostname with this string. If there is a port number (e.g. 5432 for Postgresql) change this to 443.
An example might look like this:
username: ${user.email}
password: ${api_key}
host: ${resource.uri.domain}:443You may do these through the GUI of the database application, or, via a text editor.
Create Template
At this stage you should upload the template you modified above:
You will now be given the opportunity to name it (usually this is not seen by the user, but, the extension might be used) and to give it a MIME type (this might be used by your application to automatically find/open).
Now associate the template with the Database we created above:
Now apply. At this stage, the user(s) who you have given permission should see an icon for the database name in https://profile.__MYDOMAIN__, and, if they select it, should download the template file with those fields filled in.
Testing this file, I obtained:
username: db@XXXXX.ca
password: 4xnyXXXXXX46rdfw
host: postgis.databases.r.XXXXX.ca:443