Hello everyone,
I have been using GeoServer recently and I would like to define user
permissions (in the interface or the file roles.xml).
The problem is that I don't understand how create a role other than admin or
group admin. The user should be able to view the layer and make
modifications but not access the security tab or other tabs.
In this discussion
http://osgeo-org.1560.x6.nabble.com/user-authentication-td3808310.html David
Winslow says: "GeoServer does not currently support any type of 'partial'
administrator; that is, there is no facility for allowing users to add data
without allowing them to use all parts of the administration interface." But
he posted this back in 2008.
Has geoserver updated its settings? Is it now possible to create a
non-adminstrator user with editing permissions?
Could an Ldap directory allow for such permissions?
Thanks for your answer,
Mireille
--
View this message in context: http://osgeo-org.1560.x6.nabble.com/intermediary-roles-do-not-exist-tp5097917.html
Sent from the GeoServer - User mailing list archive at Nabble.com.
What exactly do you mean with modifications.
- modify layer data
- modify layer configuration
Cheers
Christian
···
On Tue, Jan 14, 2014 at 10:05 AM, Mlecoeuvre <mireille.lecoeuvre@anonymised.com> wrote:
Hello everyone,
I have been using GeoServer recently and I would like to define user
permissions (in the interface or the file roles.xml).
The problem is that I don’t understand how create a role other than admin or
group admin. The user should be able to view the layer and make
modifications but not access the security tab or other tabs.
In this discussion
http://osgeo-org.1560.x6.nabble.com/user-authentication-td3808310.html David
Winslow says: “GeoServer does not currently support any type of ‘partial’
administrator; that is, there is no facility for allowing users to add data
without allowing them to use all parts of the administration interface.” But
he posted this back in 2008.
Has geoserver updated its settings? Is it now possible to create a
non-adminstrator user with editing permissions?
Could an Ldap directory allow for such permissions?
Thanks for your answer,
Mireille
–
View this message in context: http://osgeo-org.1560.x6.nabble.com/intermediary-roles-do-not-exist-tp5097917.html
Sent from the GeoServer - User mailing list archive at Nabble.com.
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
for example,
the user can:
add a new layer
edit the layer
but cannot add a workspace
thanks
--
View this message in context: http://osgeo-org.1560.x6.nabble.com/intermediary-roles-do-not-exist-tp5097917p5097980.html
Sent from the GeoServer - User mailing list archive at Nabble.com.
On Tue, Jan 14, 2014 at 5:38 PM, Mlecoeuvre
<mireille.lecoeuvre@anonymised.com>wrote:
for example,
the user can:
add a new layer
edit the layer
but cannot add a workspace
I'm not sure, but what about workspace administrators?
I believe they can only operate within the workspace they are assigned to.
Can they access the security panel or other general ones?
Cheers
Andrea
--
== Our support, Your Success! Visit http://opensdi.geo-solutions.it for
more information ==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
Thanks Andrea for your answer!
I'm not sure how to create a workspace administrator.
Here's what I've tried so far:
I created a role with name workspace_admin but I didn't define the key and
value (and I'm not sure what these mean).
I then defined a rule: gn,*,w, workspace_admin.
Finally I connected as the user with the workspace_admin role.
But the problem is that I have access only to the view of map and not the
layers for inserting a new resource or the user's workspace.
Do I need to define a key or value for the workspace_admin role?
Thanks,
Mireille
--
View this message in context: http://osgeo-org.1560.x6.nabble.com/intermediary-roles-do-not-exist-tp5097917p5098117.html
Sent from the GeoServer - User mailing list archive at Nabble.com.
On Wed, Jan 15, 2014 at 12:09 PM, Mlecoeuvre
<mireille.lecoeuvre@anonymised.com>wrote:
Thanks Andrea for your answer!
I'm not sure how to create a workspace administrator.
Here's what I've tried so far:
I created a role with name workspace_admin but I didn't define the key and
value (and I'm not sure what these mean).
I then defined a rule: gn,*,w, workspace_admin.
Finally I connected as the user with the workspace_admin role.
But the problem is that I have access only to the view of map and not the
layers for inserting a new resource or the user's workspace.
Do I need to define a key or value for the workspace_admin role?
Not sure, never tried to do that, see the guide about giving admin access
though:
http://docs.geoserver.org/stable/en/user/security/layer.html
Cheers
Andrea
--
== Our support, Your Success! Visit http://opensdi.geo-solutions.it for
more information ==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
Hi
Key and value are are intended for role parameters and are not used by GeoServer so far.
AFAIK Geoserver does not support administrators restricted to certain configuration panels.This would require to invent some additional system roles like
ROLE_LAYER_ADMIN
granting the right for layer configuration but denying access to the security panels (as an example). Additionally , such roles may have an optional role parameter like “workspaces=myworkspace1,myworkspace2” to restrict the rights to certain workspaces.
Would be a nice feature, but unfortunately, it is not supported at the moment.
Christian
···
On Wed, Jan 15, 2014 at 12:09 PM, Mlecoeuvre <mireille.lecoeuvre@anonymised.com> wrote:
Thanks Andrea for your answer!
I’m not sure how to create a workspace administrator.
Here’s what I’ve tried so far:
I created a role with name workspace_admin but I didn’t define the key and
value (and I’m not sure what these mean).
I then defined a rule: gn,*,w, workspace_admin.
Finally I connected as the user with the workspace_admin role.
But the problem is that I have access only to the view of map and not the
layers for inserting a new resource or the user’s workspace.
Do I need to define a key or value for the workspace_admin role?
Thanks,
Mireille
–
View this message in context: http://osgeo-org.1560.x6.nabble.com/intermediary-roles-do-not-exist-tp5097917p5098117.html
Sent from the GeoServer - User mailing list archive at Nabble.com.
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
Thanks so much for your answer.
it is unfortunate that these opportunities do not exist.
I hope that in future version of geoserver these possibilities exist.
--
View this message in context: http://osgeo-org.1560.x6.nabble.com/intermediary-roles-do-not-exist-tp5097917p5098149.html
Sent from the GeoServer - User mailing list archive at Nabble.com.
Am 14.01.2014 18:02, schrieb Andrea Aime:
On Tue, Jan 14, 2014 at 5:38 PM, Mlecoeuvre
<mireille.lecoeuvre@anonymised.com>wrote:
for example, the user can: add a new layer edit the layer but
cannot add a workspace
I'm not sure, but what about workspace administrators? I believe
they can only operate within the workspace they are assigned to.
Can they access the security panel or other general ones?
I gave a Role named TAN_GIS the permission:
tan.*.a=TAN_GIS
this makes the Layer-Administration pop up for a user, who has TAN_GIS
as a role.
But it does *not* expose the security-section or the general
config-sections for geoserver to that user.
Unfortunately, the given user can also edit Layers in workspaces other
than the intended workspace "tan".
Giving the write-permission only as in:
tan.*.w=TAN_GIS
restricts the Layer-config section and thus is etirely useless, since
the user cannot access the config-tools for a layer he/she cannot act
as an editor be it allowed or not...
At least in the Webinterface *.w does not seem to make sense to me....
best regards
HZN
Cheers Andrea
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In
Between. Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________ Geoserver-users
mailing list Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users