Hi,
For the configuration of the REST API security, could I use any role defined in my role service or only some predefined values?
···
Alexandre Gacon
This is an odd one, there are reset security settings distinct from everything else, but there is no user interface for it 
Please edit rest.properties to manage the roles (built-in or made by hand) that you wish to grant REST API access to.
The examples show a built-in role:
/**;GET,POST,PUT,DELETE=ROLE_ADMINISTRATOR
And also an “any role” example:
/**;GET,POST,PUT,DELETE=ROLE_TRUSTED
There is some interaction with the data security a (admin mode) permission to keep in mind also. My understanding is to update configuration in a workspace an individual would need to have a role providing a permission in that workspace, and also a roll providing rest api access via rest.properties.
https://docs.geoserver.org/main/en/user/security/rest.html
···
–
Jody Garnett
Alexandre Gacon
Hi Jody,
For the moment I use a built-in role to reduce the access to the get methods. I will test with a custom one to reduce the access more eventually.
Regard
Alexandre
···
–
Jody Garnett
Alexandre Gacon