Hi Robin,
did you have a look at the GeoFence project?
https://github.com/geoserver/geofence/wiki/Main-concepts
With GeoFence, you could setup one access rule for each partner with a CQL
filter like "partner_id = 100" and apply it to any restricted layer you
have (supposing they all have a "partner_id" column).
Hope this helps.
On Wed, May 18, 2016 at 3:25 PM, Robin Kossi <[email protected]>
wrote:
> Hello,
>
> We're using GeoServer for a GIS project where a lot of different partners
> input data in our system though a web client.
>
> We have public layers available with limited data, but partners should be
> able to get 'private' layers which contain all of their data.
> Partners should not be able to view the private data of other partners
> under any circumstance.
> Every partner will have an account on GeoServer.
>
> The 'private' layer for a partner would be an sql view containing
> information of every partner with a filter on partner id.
>
> We could create a private layer for every partner containing only the
> information they have access to, but because we're working with over 200
> partners this could be quite cumbersome because we'd have to create over
> 200 separate layers and link each layer to the correct single account.
> The only difference between these layers would be the partner id.
>
> It's possible in GeoServer to add CQL filters to a layer, but as far as we
> could see it's only possible to append the actual filter id to the request
> URL which would enable partners to change the filter id to get data from
> other partners.
>
> We noticed it's possible to add properties to a user account. Is it
> possible to create a CQL filter which reads a property from the current
> user account?
> This would enable us to create one 'private layer' and allow for each
> account to use the same layer but only see the information associated with
> their account without being able to alter the filter.
>
> If that's not possible, what would be the recommended way to implement
> this use case?
>
> Thanks in advance,
> Robin K.
>
>
>
> ------------------------------------------------------------------------------
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data
> untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
> _______________________________________________
> Geoserver-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>
--
Best regards,
Stefano Costa
==
GeoServer Professional Services from the experts!
Visithttp://goo.gl/it488V for more information.
==
Dott. Stefano Costa
Senior Software Engineer
GeoSolutions S.A.S.Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
http://www.geo-solutions.ithttp://twitter.com/geosolutions_it
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New
Data Protection Code).Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
