Geoserver filter by user

Hi,

I’m trying to find a way to filter some features by the logged in user in my project.

Example:
– Record 1 of Feature A can only be accessed by user X
– Record 2 of Feature A can only be accessed by user Y
– Record 3 of Feature A can be accessed by user X and Y

Is it possible directly with geoserver or geofence?

Thanks

– This was posted to wrong category. Moving this to GeoServer User - OSGeo Discourse

Hi,

I also have this requirement and didn’t find a direct solution. As I’m running GeoServer behind a self-written reverse proxy that is authenticating the windows logon user to GeoServer, I’m able to use the view parameter mechanism to change the filter depending on requested layer and current user.
But this might not be possible in your situation.

I also would be interested in different ways to achieve this.

Regards
Daniel

That is one of the things geofence can do :slight_smile:

See here the ability to restrict with CQL expressions (to control which records) and also attributes (to control which columns): GeoFence Rest API — GeoServer 2.27.x User Manual

Thanks for the replies.
We’ll try it with Geofence.

You may also consider GeoServer ACL which is a fork using spring boot employed by the cloud native GeoServer project.

Would it be possible to access the name of the current user inside the CQL to allow access only to records where the name of user is stored in an attribute, like f.e.

OWNER = %USERNAME%

There are some built in env variables like the scale, and bounds. We could look up how those are done and make a similar change?

Searching Code search results · GitHub

Looks like it is already done (see search result above for AutopopulateTransactionCallback “GSUser” ). If you like the idea you could do something similar for WMS GetMap and other requests.

Thans @dcal , but I think with that solution anyone can copy and paste the request with that “OWNER” filter, and it will be available to see the entire data set.

Thanks @jive , we’ll take a look into it.