[security config] Let users see some layers in the web UI but not modify them

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[security config] Let users see some layers in the web UI but not modify them

Jean Pommier - PI geosolutions

Hi,

I'd like some users to be able to edit/create layers and stores only in a specific workspace, but to see (and only see, not edit) layers from another workspace in the web UI (to let them see how they are configured and use as templates)

The first part is easy. The second part, I thought I could do by using the security system and giving  a data rule tplnamespace.*.r, but I found out they only can see the layers in the getCapabilities (and previsualization, etc), but not in the web UI.

Is there a way to perform this : let some users see and explore in the web UI the layers available from a workspace, but in readonly mode ?

Thanks,

Regards,

Jean

--

Jean Pommier -- pi-Geosolutions

Ingénieur, consultant indépendant

Tél. : (+33) 6 09 23 21 36
E-mail : [hidden email]
Web : www.pi-geosolutions.fr


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Reply | Threaded
Open this post in threaded view
|

Re: [security config] Let users see some layers in the web UI but not modify them

geowolf
On Fri, May 25, 2018 at 12:01 PM, Jean Pommier <[hidden email]> wrote:

Hi,

I'd like some users to be able to edit/create layers and stores only in a specific workspace, but to see (and only see, not edit) layers from another workspace in the web UI (to let them see how they are configured and use as templates)

The first part is easy. The second part, I thought I could do by using the security system and giving  a data rule tplnamespace.*.r, but I found out they only can see the layers in the getCapabilities (and previsualization, etc), but not in the web UI.

Is there a way to perform this : let some users see and explore in the web UI the layers available from a workspace, but in readonly mode ?


No, the UI pages do not have a read only mode, and the security subsystem does not have a notion of "read admin" access.
Also, admin access (which is currently all or nothing) can be specified only at the worskpace level.
Long story short, doing what you want would require a number of changes in the source code.


Cheers
Andrea
 
==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia. This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Reply | Threaded
Open this post in threaded view
|

Re: [security config] Let users see some layers in the web UI but not modify them

Jean Pommier - PI geosolutions

Hi Andrea,

OK, thanks for the info.

Cheers,

Jean

Jean Pommier -- pi-Geosolutions

Ingénieur, consultant indépendant

Tél. : (+33) 6 09 23 21 36
E-mail : [hidden email]
Web : www.pi-geosolutions.fr

Le 27/05/2018 à 08:42, Andrea Aime a écrit :
On Fri, May 25, 2018 at 12:01 PM, Jean Pommier <[hidden email]> wrote:

Hi,

I'd like some users to be able to edit/create layers and stores only in a specific workspace, but to see (and only see, not edit) layers from another workspace in the web UI (to let them see how they are configured and use as templates)

The first part is easy. The second part, I thought I could do by using the security system and giving  a data rule tplnamespace.*.r, but I found out they only can see the layers in the getCapabilities (and previsualization, etc), but not in the web UI.

Is there a way to perform this : let some users see and explore in the web UI the layers available from a workspace, but in readonly mode ?


No, the UI pages do not have a read only mode, and the security subsystem does not have a notion of "read admin" access.
Also, admin access (which is currently all or nothing) can be specified only at the worskpace level.
Long story short, doing what you want would require a number of changes in the source code.


Cheers
Andrea
 
==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia. This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users