Karsten D. created an issue |
Catalog Mode CHALLENGE and Data security rules, more access that expected |
Issue Type: |
Bug |
---|---|
Affects Versions: |
2.22.3 |
Assignee: |
Unassigned |
Components: |
Security |
Created: |
13/Jul/23 10:06 AM |
Environment: |
Windows 2019 Tomcat 9.0.73 |
Priority: |
Medium |
Reporter: |
Hello I wanted to test a user setup, where one user will have admin control over one Workspace, but it seems like the user gets more access to edit than I expected. The setup is as follows: Catalog Mode = CHALLENGE (This is because we want to show alle possible services and layers in our capability document) User: TEST Role: ROLE_TEST Workspace that the user may edit and setup: Test Data security rule is “Test.*.a” for “ROLE_TEST” There is only the workspace, there is no datastore or anything added to it. When this is setup, and I log on with the user TEST, I am able to edit all current Workspaces, stores and layers on the Geoserver, in some degree, way more than the Data security rule should give the user access to, how can this be? If I set the Catalog Mode to “mixed” or “hide”, I see what is expected to be administrated by this user, the workspace. It seems Odd that the user have access to edit part of other workspaces, stores and layers this was not given access to in the Data Security. Do I misunderstand the functionality? Best regards Karsten |
Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS |
|
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100231-sha1:2991753) |