Since I am currently working on the security subsystem I want to give you some hints.
1) Run tomcat under the user tomcat6, never use root for running services having port numbers > 1024 2) create one special postigs user having full access to your tables. Use this user for geoserver to connect to the database 3) Create your user database in geoserver and use service and data access rules to grant access to your users. I am working on introducing user groups and role hierarchies which will simplify this job in the future. Cheers Christian Zitat von Robert Buckley <[email protected]>: > Hi, > > I have set up a geostack consisting of ubuntu 10.04, Tomcat6, Geoserver 2.1, > Posgresql/Postgis, which serves data to Openlayer/GeoExt thin clients. > > I am now wondering about data security and data ownership. If I am the > administrator who is deploying webapps for different departments, or > institutions I need to be able to restrict users to certain tables or > databases. > > So If department A should only have write permission for all tables > in database > A, but only read access on all others, how to I set this up? > > I am bit confused about file ownership because Tomcat6 needs all > it´s files to > be owned by user tomcat6 group tomcat6. My Geoserverdatadir lies > outside of the > tomcat6 webapps directory, so at least the geodata doesn´t have to > be owned by > tomcat6. Geoserver is owned by tomcat6 because it is in the tomcat6/webapps > directory. > > Postgresql has user accounts , Geoserver has user accounts, and > Ubuntu has user > accounts. How do I coordinate all of these users accounts to allow access to > some and restrict access to others? > > > any advise would be a greate help. > > yours, > > Rob ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------------------------------ Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
