Hi, I found some inconsistencies when setting up a security for single layers.
What I want is, for a specific role and workspace, to set up something like: “Hide/restrict access to all layers except of…”
With a simple set up for the “topp" workspace it would look like this:
..r=*
..w=*
topp.*.r=ADMIN,GROUP_ADMIN
topp.states.r=TEST
mode=HIDE
A GetCapabilities request (and also the layer preview in the browser) for a TEST-user looks like what I’d expect: he sees only the topp.states layer from the topp workspace. But the access to it is still restricted, giving me a 404:resource not available.
Now, setting the mode=CHALLENGE, I can access topp.states. But this workaround isn’t what I want because it exposes all the layers to a getCapabilities request.
Do I misunderstood the security concept or is this a wrong behaviour of Geoserver?
Best Regards
Dominik