> > 2. Is it true that the security settings that are set in are only for the > defined Geoserver users, which are then defined by their roles and this > controls what can be done whilst inside the geoserver GUI. For example. If a > user is only supposed to see one Layer and its characteristics in geoserver, > then this would be set to read only for this user. (in this example the > getCapabilties document would show all layers anyway wouldn´t it?)
No, actually the GeoServer GUI has the coarsest security possible - either you are an administrator and you can use it, or you are not and you can't. The security permissions only affect GeoServer's OWS services. The GetCapabilities response can be filtered based on security or not - depending on the clients you expect you may have to sacrifice some security in order for them to be able to connect at all. See the section on http://docs.geoserver.org/stable/en/user/security/sec_layer.html which starts with "mode=option" . -- David Winslow OpenGeo - http://opengeo.org/ On Mon, Sep 19, 2011 at 11:00 AM, Stephen V. Mather < [email protected]> wrote: > Hi Robert,**** > > I can answer question 1 and 3, I think. Question 2 I’ll > leave for someone more knowledgeable.**** > > If you create a postgis connection from a thick client > directly to the PostGIS database, then your authentication is that of the > user you use to connect to the database. You are bypassing GeoServer when > you do this. If instead, you use your thick client to connect to a WFS > store on GeoServer, then you will be using GeoServer’s security.**** > > ** ** > > Best,**** > > Steve**** > > ** ** > > ** ** > > **[image: http://www.clemetparks.com/images/esig/cmp-ms-90x122.png]**Stephen > Mather > Geographic Information Systems (GIS) Manager > (216) 635-3243**** > > [email protected] > clevelandmetroparks.com <http://www.clemetparks.com/>**** > > ** ** > > ** ** > > ** ** > > ** ** > > *From:* Robert Buckley [mailto:[email protected]] > *Sent:* Monday, September 19, 2011 6:20 AM > *To:* [email protected] > *Subject:* [Geoserver-users] Data security in Geoserver**** > > ** ** > > Hi,**** > > ** ** > > I am trying to figure out the security systems within Geoserver.**** > > ** ** > > I have data in Postgis which is served through geoserver in Tomcat6 on > Linux Ubuntu and am trying to get a few things straight. I would be grateful > if anyone could give me any assistance in trying to understand exactly how > the security works and what is being secured. I would like to set up a safe > editing environment using PostGIS, Geoserver and a thick client ( eg. > Quantum, or possibly ArcGIS)**** > > ** ** > > 1.Is it true that If I create a connection to a postgis database with a > thick client(eg.Quantum GIS), any security settings in geoserver are > irrelevant...e.g" wfs service level : basic" This would only affect editing > through a thin-client (e.g GeoExt in a browser). This is exactly what I have > experienced anyway.**** > > ** ** > > 2. Is it true that the security settings that are set in are only for the > defined Geoserver users, which are then defined by their roles and this > controls what can be done whilst inside the geoserver GUI. For example. If a > user is only supposed to see one Layer and its characteristics in geoserver, > then this would be set to read only for this user. (in this example the > getCapabilties document would show all layers anyway wouldn´t it?)**** > > ** ** > > 3. service level security: "wfs.Transaction=ROLE_WFS_WRITE" is an example > given in the geoserver docs. Would this restrict an editing session done > through postgis with a quantum gis client?**** > > > > **** > > I hope these questions are clear enough.**** > > > > **** > > Thanks,**** > > > > **** > > rob**** > > > ------------------------------------------------------------------------------ > BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA > Learn about the latest advances in developing for the > BlackBerry® mobile platform with sessions, labs & more. > See new tools and technologies. Register for BlackBerry® DevCon today! > http://p.sf.net/sfu/rim-devcon-copy1 > _______________________________________________ > Geoserver-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/geoserver-users > >
<<image001.png>>
------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA Learn about the latest advances in developing for the BlackBerry® mobile platform with sessions, labs & more. See new tools and technologies. Register for BlackBerry® DevCon today! http://p.sf.net/sfu/rim-devcon-copy1
_______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
![http://www.clemetparks.com/images/esig/cmp-ms-90x122.png]**Stephen](http://www.clemetparks.com/images/esig/cmp-ms-90x122.png]**Stephen){kind=link}