Hello, I set up a role for users, that shall be allowed to edit only in one workspace.
*.*.r=* tan.*.w=TAN_GIS tan_overlays.*.w=TAN_OVERLAYS *.*.w=ADMIN,GROUP_ADMIN The TAN_GIS role has no parent. If I get the logic correctly this should result in: - all roles can read everything - ADMIN,GROUP_ADMIN can edit everything - TAN_GIS can also edit in the tan workspace - TAN_OVERLAYS can edit in the tan_overlays workspace The goals is, to protect tan_overlays from being edited by anyone except admin and users with role TAN_OVERLAYS. Now, when I log in as a user with role TAN_GIS I get only the Layer Preview secition, thus TAN_GIS-users cannot make use of their right to write to anything. So I changed this to: tan.*.a=TAN_GIS giving the TAN_GIS people the right to administrate(and inherently read and write) this one workspace named tan. Now the Layers-section is available for my TAN_GIS role but alas! The user can actually edit layers in tan_overlays as well, I can set a different shapefile and alter other stuff too, even though this role should have reading access only. What am I do wrong? best regards HZN ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
