Hi all, the following configuration does not allow a user with ROLE_2 only to read the layer1 from workspace ws:
ws.*.r=ROLE_1 ws.*.w=ROLE_1 ws.*.a=ROLE_1 ws.layer1.r=ROLE_1,ROLE_2 Is it a bug or is it an expected behaviour? Kind regards, Michal Dne 04.07.2013 17:56, [email protected] napsal: > Hi all, > > the only way I see that works is to unsecure the whole workspace and > secure every layer instead: > > #hasici.*.r=ROLE_HASICI > #hasici.*.w=ROLE_HASICI > hasici.*.a=ROLE_HASICI > > hasici.pest.r=ROLE_HASICI, ROLE_PEST > hasici.pest.w=ROLE_HASICI > hasici.chemicals.r=ROLE_HASICI > hasici.chemicals.w=ROLE_HASICI > ... > > This way I can secure all the layers of the workspace and meanwhile > give the access rights to one layer to more people. I don't like it > very much though, as it adds a lot of config lines and also, if > accidentally one layer of the workspace is forgotten, it is left > unsecured. > > Is this the only solution that should work? If I uncomment the first > two lines and secure the workspace, then a user with the ROLE_PEST > and > without the ROLE_HASICI gets 404 when requesting the layer... > > Using GeoServer 2.3.2. > > Kind regards, > > Michal > > > Dne 04.07.2013 10:03, [email protected] napsal: >> Hi Michele, >> >> thank you for your answer. No, I am not using service security at >> all. >> Of course I do ask for the layer through OWS (and that is what I >> want to >> do in the map application as well), but I don't use the service >> security >> to configure it. The file service.properties is present, but >> contains >> comments only. >> >> The think is, when I try to restrict the access to one particular >> layer >> more, (only to people who have the access to the whole ws and have >> some >> additional rights) it works, but when I try to give the access to >> one >> particular layer to more people, who don't have rights to the whole >> ws, >> it fails. The layer is shown in the available preview list, but 404 >> is >> returned. >> >> Kind regards, >> >> Michal >> >> >> Dne 04.07.2013 09:12, Michele Beneventi napsal: >>> Hi Michal, >>> I'm not really involved in the geoserver security module, but I >>> think >>> the problem could be in some conflict between "layer security" and >>> "service security": if I'm not wrong "layer preview" use WMS >>> service. >>> >>> http://docs.geoserver.org/2.3.2/user/security/layer.html [3] >>> >>> ciao >>> Michele >>> >>> On Wed, Jul 3, 2013 at 7:03 PM, <[email protected]> wrote: >>> >>>> Hi all, >>>> >>>> I have a workspace with restricted access: >>>> >>>> hasici.*.r=ROLE_HASICI >>>> hasici.*.w=ROLE_HASICI >>>> hasici.*.a=ROLE_HASICI >>>> >>>> And I have one layer in the workspace, that should be accessible >>>> to >>>> more people then the others: >>>> >>>> hasici.pest.r=ROLE_HASICI,ROLE_PEST >>>> >>>> Then I have a user, who does have ROLE_PEST assigned, and does not >>>> have the ROLE_HASICI assigned. I assume he should be able to see >>>> the >>>> layer pest. He logs into geoserver web, and he can see the layer >>>> 'hasici:pest' in the 'Layer Preview' list as expected. But when he >>>> clicks the 'OpenLayers' link, 404 is shown. The layer can be seen >>>> by >>>> the users who have the ROLE_HASICI assigned. >>>> >>>> Am I missing something? How this should be configured? >>>> >>>> Thank you very much for your advice, >>>> >>>> Michal >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> This SF.net email is sponsored by Windows: >>>> >>>> Build for Windows Store. >>>> >>>> http://p.sf.net/sfu/windows-dev2dev [1] >>>> _______________________________________________ >>>> Geoserver-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users [2] >>> >>> >>> >>> Links: >>> ------ >>> [1] http://p.sf.net/sfu/windows-dev2dev >>> [2] https://lists.sourceforge.net/lists/listinfo/geoserver-users >>> [3] http://docs.geoserver.org/2.3.2/user/security/layer.html >> >> >> >> ------------------------------------------------------------------------------ >> This SF.net email is sponsored by Windows: >> >> Build for Windows Store. >> >> http://p.sf.net/sfu/windows-dev2dev >> _______________________________________________ >> Geoserver-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/geoserver-users ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
