Consider automating the creation of those private layers with the rest api,
at least they can all share the same styling.
One thing that may work (or may be terrible) is the creation of a layer
group with all of the private layers. Each web app can refer to the
layergroup, but the partners would only see the data from the "one" layer
they have access rights to see...
--
Jody Garnett
On 18 May 2016 at 06:25, Robin Kossi <[email protected]> wrote:
> Hello,
>
> We're using GeoServer for a GIS project where a lot of different partners
> input data in our system though a web client.
>
> We have public layers available with limited data, but partners should be
> able to get 'private' layers which contain all of their data.
> Partners should not be able to view the private data of other partners
> under any circumstance.
> Every partner will have an account on GeoServer.
>
> The 'private' layer for a partner would be an sql view containing
> information of every partner with a filter on partner id.
>
> We could create a private layer for every partner containing only the
> information they have access to, but because we're working with over 200
> partners this could be quite cumbersome because we'd have to create over
> 200 separate layers and link each layer to the correct single account.
> The only difference between these layers would be the partner id.
>
> It's possible in GeoServer to add CQL filters to a layer, but as far as we
> could see it's only possible to append the actual filter id to the request
> URL which would enable partners to change the filter id to get data from
> other partners.
>
> We noticed it's possible to add properties to a user account. Is it
> possible to create a CQL filter which reads a property from the current
> user account?
> This would enable us to create one 'private layer' and allow for each
> account to use the same layer but only see the information associated with
> their account without being able to alter the filter.
>
> If that's not possible, what would be the recommended way to implement
> this use case?
>
> Thanks in advance,
> Robin K.
>
>
>
> ------------------------------------------------------------------------------
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data
> untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
> _______________________________________________
> Geoserver-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
