Follow-up on how to to do this? Basically, I want logged in user to access all wms but allow ROLE_ADMINISTRATOR to read/write whsed layers and read only to philippines layers. At the same time allow fpe3 users to write only to wshed.places.
My security settings below: $ cat layers.properties #Fri Aug 26 20:43:20 PHT 2011 wshed.*.w=ROLE_ADMINISTRATOR philippines.*.r=* wshed.*.r=* wshed.places.w=fpe3 mode=HIDE $ cat service.properties # The format here is service[.method]=ROLE1,...,ROLEN # ([method] being optional if you want to apply the rule to all calls to a specific service # A user can access a service only if he has one of the specified roles # If not specified in this file, a service or method will be considered unsecured # Uncomment the following config if you want to test securing WFS service #wfs.GetFeature=ROLE_WFS_READ #wfs.Transaction=ROLE_WFS_WRITEmaning@diospyros:/usr/share/opengeo-suite-data/geices.propertiescurity$ cat servi #Fri Aug 26 20:39:36 PHT 2011 wms.*=* $ cat users.properties #Fri Aug 26 20:19:53 PHT 2011 admin=xxxx,ROLE_ADMINISTRATOR,enabled maning=xxxx,ROLE_ADMINISTRATOR,enabled user2=xxxx,fpe3,enabled user1=xxxx,fpe3,enabled On Thu, Aug 25, 2011 at 9:13 PM, maning sambale <[email protected]> wrote: > Hi, > > I'm reading through the security levels in the documentation manual, > I'm a little bit confused with the Layer-level security and > Service-level security. According to the manual "Layer-level security > and Service-level security cannot be combined. For example, it is not > possible to specify access to a specific OGC service on one specific > layer." > > I need to assign roles and permissions to the possible scenario below: > > roles: > admin - to manage the server > editor - allow wfs-t editing > public - access only wms > > users: > user1 - is the admin > user2 - editor > user3 - editor > user4 - editor > > > What I want is to limit editing (editor) to a specific layer but allow > others to access the WMS. How do I assign security levels in this > scenario? > > As a follow-up, can user2 to user4 edit the same layer all at the same > time? I'm currently using opengeosuite and editing is via the > standard geoeditor shipped i the opengeosuite. > > > > -- > cheers, > maning > ------------------------------------------------------ > "Freedom is still the most radical idea of all" -N.Branden > wiki: http://esambale.wikispaces.com/ > blog: http://epsg4253.wordpress.com/ > ------------------------------------------------------ > -- cheers, maning ------------------------------------------------------ "Freedom is still the most radical idea of all" -N.Branden wiki: http://esambale.wikispaces.com/ blog: http://epsg4253.wordpress.com/ ------------------------------------------------------ ------------------------------------------------------------------------------ EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
