[Geoserver-users] role question (modify, create, delete layers/stores)

Dear Users,

I want to restrict users to read/write layers, create stores only in a special workspace. This sounds quite easy, however I’m stuck with a problem here.

I created a new user (let’s call it “gyakornok”) together with a new role (“ROLE_GYAKORNOK”), and assigned this role to the new user. Only this role is associated with him.

I also edited the layers.properties file, which now looks like this:

*.*.r=ADMIN
*.*.w=ADMIN
topp.*.r=ROLE_GYAKORNOK
topp.*.w=ROLE_GYAKORNOK
mode=HIDE

So what I want is that only the “topp” workspace should be visible and editable by my new user.

If I successfully log in with the new user, however, the left panel is almost completely empty, I can only see the “Layer preview” option, but there is no option to modify/add/delete layers, stores etc. I attach the image of this part of the screen.

Why is that? What did I do wrong?

gyakornok.png

On Fri, May 23, 2014 at 11:12 AM, Gergely Padányi-Gulyás <fegyi001@anonymised.com> wrote:

> Dear Users,
>
> I want to restrict users to read/write layers, create stores only in a
> special workspace. This sounds quite easy, however I'm stuck with a problem
> here.
>
> I created a new user (let's call it "gyakornok") together with a new role
> ("ROLE_GYAKORNOK"), and assigned this role to the new user. Only this role
> is associated with him.
>
> I also edited the layers.properties file, which now looks like this:
>
> *.*.r=ADMIN
> *.*.w=ADMIN
> topp.*.r=ROLE_GYAKORNOK
> topp.*.w=ROLE_GYAKORNOK
> mode=HIDE
>
> So what I want is that only the "topp" workspace should be visible and
> editable by my new user.
>
> If I successfully log in with the new user, however, the left panel is
> almost completely empty, I can only see the "Layer preview" option, but
> there is no option to modify/add/delete layers, stores etc. I attach the
> image of this part of the screen.
>
> Why is that? What did I do wrong?

Read and Write rights are about the data, not the configuration.
In order for a user to edit a workspace you have to give him admin rights
instead

Cheers
Andrea

--

Meet us at GEO Business 2014! in London! Visit http://goo.gl/fES3aK
for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

Hello Andrea,

I’m a bit confused now. What is the point of giving W rights to users when I cannot see any writing (adding layers, modifying layers, adding stores etc.) options after logging in? I don’t wish to give admin rights to the new user, hence he/she would be able to modify his/her role quite easily. This would be a major security risk.

I’m pretty sure there is a solution for my problem which is maybe too obvious for me to see.

Best,
Gergely

2014-05-23 11:25 GMT+02:00 Andrea Aime <andrea.aime@anonymised.com>:

> Read and Write rights are about the data, not the configuration.
> In order for a user to edit a workspace you have to give him admin rights instead
>
> Cheers
> Andrea



On Fri, May 23, 2014 at 11:43 AM, Gergely Padányi-Gulyás <fegyi001@anonymised.com> wrote:

> Hello Andrea,
>
> I'm a bit confused now. What is the point of giving W rights to users when
> I cannot see any writing (adding layers, modifying layers, adding stores
> etc.) options after logging in?

WFS-T, editing data

> I don't wish to give admin rights to the new user, hence he/she would be
> able to modify his/her role quite easily. This would be a major security
> risk.

Any change in the geoserver configuration is admin, you need admin rights,
which can be limited to a workspace (that user won't be able
to change the global configuration, the users, and other workspaces)

Cheers
Andrea


-------------------------------------------------------

> WFS-T, editing data

I think I finally understand it, thanks!

> Any change in the geoserver configuration is admin, you need admin rights,
> which can be limited to a workspace (that user won't be able
> to change the global configuration, the users, and other workspaces)

That sounds good, but how can I set that so? Where can I limit the admin
rights so?

Best
Gergely

On Fri, May 23, 2014 at 12:17 PM, Gergely Padányi-Gulyás <fegyi001@anonymised.com> wrote:

> > WFS-T, editing data
>
> I think I finally understand it, thanks!
>
> > Any change in the geoserver configuration is admin, you need admin
> > rights, which can be limited to a workspace (that user won't be able
> > to change the global configuration, the users, and other workspaces)
>
> That sounds good, but how can I set that so? Where can I limit the admin
> rights so?

http://docs.geoserver.org/stable/en/user/security/layer.html

See admin rights

Cheers
Andrea


-------------------------------------------------------

Andrea,

Thank you very much!

I didn’t notice the “a” option. What I had to do is simply add “a” rights to the workspace in addition to “r” and “w”.
Now the new user can only see the limited number of workspaces.

Best
Gergely

2014-05-23 12:21 GMT+02:00 Andrea Aime <andrea.aime@anonymised.com>:

> http://docs.geoserver.org/stable/en/user/security/layer.html
>
> See admin rights
>
> Cheers
> Andrea

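
The distinction this thread arrives at (r/w rules cover data access, the "a" rule covers workspace configuration), as an added example that is not part of the original thread and is not GeoServer code. It audits a layers.properties text for roles that hold write access without admin access on a workspace; the function names are hypothetical, and the `topp.*.a=ROLE_GYAKORNOK` line is an assumed rendering of the "a" rule the poster says he added.

```python
from collections import defaultdict

# Constructed sample: the rules quoted in the first message of the thread.
BEFORE = """\
*.*.r=ADMIN
*.*.w=ADMIN
topp.*.r=ROLE_GYAKORNOK
topp.*.w=ROLE_GYAKORNOK
mode=HIDE
"""
# Assumed form of the file after the workspace-level admin rule is added.
AFTER = BEFORE + "topp.*.a=ROLE_GYAKORNOK\n"


def parse_rules(text):
    """Return (mode, {role: {workspace: set of permissions}})."""
    mode, grants = None, defaultdict(lambda: defaultdict(set))
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "mode":
            mode = value
            continue
        parts = key.split(".")
        if len(parts) != 3 or parts[2] not in ("r", "w", "a"):
            continue  # not a workspace.layer.permission rule
        workspace, _layer, perm = parts
        for role in value.split(","):
            grants[role.strip()][workspace].add(perm)
    return mode, grants


def data_only_workspaces(text, role):
    """Workspaces where `role` can write data but has no admin ("a") rule."""
    _mode, grants = parse_rules(text)
    return sorted(ws for ws, perms in grants[role].items()
                  if "w" in perms and "a" not in perms)


def admin_workspaces(text, role):
    """Workspaces whose configuration `role` may administer."""
    _mode, grants = parse_rules(text)
    return sorted(ws for ws, perms in grants[role].items() if "a" in perms)


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, "data-only:", data_only_workspaces(text, "ROLE_GYAKORNOK"),
              "admin:", admin_workspaces(text, "ROLE_GYAKORNOK"))
```

A role listed as data-only for a workspace matches the symptom in the first message: data edits are allowed, but no layer or store configuration options appear after login.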