Hi Michal,
I don't know the answer to your question, but I tried the following:
-----
ws.*.r=ROLE_1
ws.*.w=ROLE_1
ws.*.a=ROLE_1
ws.layer1.r=ROLE_2
with catalogue mode turned to "challenge"
-----
As a result, I got that ROLE_2 can see all the catalogue layers, but it can
access (Read) only layer1.
Could it be a workaround?
Regards
Michele
On Tue, Jul 9, 2013 at 11:12 AM, <[email protected]> wrote:
>
> Hi all,
>
> the following configuration does not allow a user with ROLE_2 only to
> read the layer1 from workspace ws:
>
> ws.*.r=ROLE_1
> ws.*.w=ROLE_1
> ws.*.a=ROLE_1
>
> ws.layer1.r=ROLE_1,ROLE_2
>
> Is it a bug or is it an expected behaviour?
>
> Kind regards,
>
> Michal
>
>
>
> On 04.07.2013 17:56, [email protected] wrote:
> > Hi all,
> >
> > the only way I see that works is to unsecure the whole workspace and
> > secure every layer instead:
> >
> > #hasici.*.r=ROLE_HASICI
> > #hasici.*.w=ROLE_HASICI
> > hasici.*.a=ROLE_HASICI
> >
> > hasici.pest.r=ROLE_HASICI, ROLE_PEST
> > hasici.pest.w=ROLE_HASICI
> > hasici.chemicals.r=ROLE_HASICI
> > hasici.chemicals.w=ROLE_HASICI
> > ...
> >
> > This way I can secure all the layers of the workspace and meanwhile
> > give the access rights to one layer to more people. I don't like it
> > very much though, as it adds a lot of config lines and also, if
> > accidentally one layer of the workspace is forgotten, it is left
> > unsecured.
> >
> > Is this the only solution that should work? If I uncomment the first
> > two lines and secure the workspace, then a user with the ROLE_PEST and
> > without the ROLE_HASICI gets 404 when requesting the layer...
> >
> > Using GeoServer 2.3.2.
> >
> > Kind regards,
> >
> > Michal
> >
> >
> > On 04.07.2013 10:03, [email protected] wrote:
> >> Hi Michele,
> >>
> >> thank you for your answer. No, I am not using service security at all.
> >> Of course I do ask for the layer through OWS (and that is what I want to
> >> do in the map application as well), but I don't use the service security
> >> to configure it. The file service.properties is present, but contains
> >> comments only.
> >>
> >> The thing is, when I try to restrict the access to one particular layer
> >> more (only to people who have the access to the whole ws and have some
> >> additional rights), it works, but when I try to give the access to one
> >> particular layer to more people, who don't have rights to the whole ws,
> >> it fails. The layer is shown in the available preview list, but 404 is
> >> returned.
> >>
> >> Kind regards,
> >>
> >> Michal
> >>
> >>
> >> On 04.07.2013 09:12, Michele Beneventi wrote:
> >>> Hi Michal,
> >>> I'm not really involved in the geoserver security module, but I think
> >>> the problem could be in some conflict between "layer security" and
> >>> "service security": if I'm not wrong, "layer preview" uses the WMS
> >>> service.
> >>>
> >>> http://docs.geoserver.org/2.3.2/user/security/layer.html [3]
> >>>
> >>> ciao
> >>> Michele
> >>>
> >>> On Wed, Jul 3, 2013 at 7:03 PM, <[email protected]> wrote:
> >>>
> >>>> Hi all,
> >>>>
> >>>> I have a workspace with restricted access:
> >>>>
> >>>> hasici.*.r=ROLE_HASICI
> >>>> hasici.*.w=ROLE_HASICI
> >>>> hasici.*.a=ROLE_HASICI
> >>>>
> >>>> And I have one layer in the workspace that should be accessible to
> >>>> more people than the others:
> >>>>
> >>>> hasici.pest.r=ROLE_HASICI,ROLE_PEST
> >>>>
> >>>> Then I have a user, who does have ROLE_PEST assigned, and does not
> >>>> have the ROLE_HASICI assigned. I assume he should be able to see the
> >>>> layer pest. He logs into geoserver web, and he can see the layer
> >>>> 'hasici:pest' in the 'Layer Preview' list as expected. But when he
> >>>> clicks the 'OpenLayers' link, 404 is shown. The layer can be seen by
> >>>> the users who have the ROLE_HASICI assigned.
> >>>>
> >>>> Am I missing something? How should this be configured?
> >>>>
> >>>> Thank you very much for your advice,
> >>>>
> >>>> Michal
> >>>>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> Geoserver-users mailing list
> >>>> [email protected]
> >>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users [2]
> >>>
> >>>
> >>>
> >>> Links:
> >>> ------
> >>> [1] http://p.sf.net/sfu/windows-dev2dev
> >>> [2] https://lists.sourceforge.net/lists/listinfo/geoserver-users
> >>> [3] http://docs.geoserver.org/2.3.2/user/security/layer.html
> >>
> >>
> >>
> >>
>
>
>
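
The risk Michal raises in the thread (a layer forgotten when the workspace wildcard rules are commented out) can be checked mechanically. The following Python sketch is an added example, not part of the original messages or of GeoServer; the layer inventory, the layer name `hydrants` and the function names are assumptions, and it only checks which rules are present in the file, not how GeoServer evaluates them.

```python
# Added example: audit layers.properties-style rules for layers with no
# explicit rule. Sample data is constructed from the rules quoted in the thread.
SAMPLE_RULES = """\
#hasici.*.r=ROLE_HASICI
#hasici.*.w=ROLE_HASICI
hasici.*.a=ROLE_HASICI
hasici.pest.r=ROLE_HASICI, ROLE_PEST
hasici.pest.w=ROLE_HASICI
hasici.chemicals.r=ROLE_HASICI
hasici.chemicals.w=ROLE_HASICI
"""

# Hypothetical inventory of published layers; "hydrants" is a constructed
# name standing in for a layer that was forgotten in the rule file.
SAMPLE_LAYERS = {"hasici": ["pest", "chemicals", "hydrants"]}


def parse_rules(text):
    """Return {(workspace, layer, mode): set_of_roles}, skipping comments."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        parts = key.strip().split(".")
        if len(parts) != 3:  # only workspace.layer.mode keys are handled
            continue
        roles = {r.strip() for r in value.split(",") if r.strip()}
        rules[tuple(parts)] = roles
    return rules


def uncovered_layers(rules, inventory, modes=("r", "w")):
    """List (workspace, layer, mode) that has neither a layer rule nor a
    workspace wildcard rule. A global *.*.mode rule does not count as cover."""
    gaps = []
    for ws, layers in inventory.items():
        for layer in layers:
            for mode in modes:
                if (ws, layer, mode) in rules or (ws, "*", mode) in rules:
                    continue
                gaps.append((ws, layer, mode))
    return gaps


if __name__ == "__main__":
    found = uncovered_layers(parse_rules(SAMPLE_RULES), SAMPLE_LAYERS)
    for ws, layer, mode in found:
        print(f"no explicit '{mode}' rule covers {ws}.{layer}")
```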