Forgot to add, using this settings, I can still write to all layers via geoeditor.
On Fri, Aug 26, 2011 at 8:58 PM, maning sambale <emmanuel.samb...@gmail.com> wrote: > Follow-up on how to to do this? Basically, I want logged in user to > access all wms but allow ROLE_ADMINISTRATOR to read/write whsed layers > and read only to philippines layers. At the same time allow fpe3 > users to write only to wshed.places. > > My security settings below: > > $ cat layers.properties > #Fri Aug 26 20:43:20 PHT 2011 > wshed.*.w=ROLE_ADMINISTRATOR > philippines.*.r=* > wshed.*.r=* > wshed.places.w=fpe3 > mode=HIDE > > $ cat service.properties > # The format here is service[.method]=ROLE1,...,ROLEN > # ([method] being optional if you want to apply the rule to all calls > to a specific service > # A user can access a service only if he has one of the specified roles > # If not specified in this file, a service or method will be > considered unsecured > > # Uncomment the following config if you want to test securing WFS service > #wfs.GetFeature=ROLE_WFS_READ > #wfs.Transaction=ROLE_WFS_WRITEmaning@diospyros:/usr/share/opengeo-suite-data/geices.propertiescurity$ > cat servi > #Fri Aug 26 20:39:36 PHT 2011 > wms.*=* > > $ cat users.properties > #Fri Aug 26 20:19:53 PHT 2011 > admin=xxxx,ROLE_ADMINISTRATOR,enabled > maning=xxxx,ROLE_ADMINISTRATOR,enabled > user2=xxxx,fpe3,enabled > user1=xxxx,fpe3,enabled > > > On Thu, Aug 25, 2011 at 9:13 PM, maning sambale > <emmanuel.samb...@gmail.com> wrote: >> Hi, >> >> I'm reading through the security levels in the documentation manual, >> I'm a little bit confused with the Layer-level security and >> Service-level security. According to the manual "Layer-level security >> and Service-level security cannot be combined. For example, it is not >> possible to specify access to a specific OGC service on one specific >> layer." >> >> I need to assign roles and permissions to the possible scenario below: >> >> roles: >> admin - to manage the server >> editor - allow wfs-t editing >> public - access only wms >> >> users: >> user1 - is the admin >> user2 - editor >> user3 - editor >> user4 - editor >> >> >> What I want is to limit editing (editor) to a specific layer but allow >> others to access the WMS. How do I assign security levels in this >> scenario? >> >> As a follow-up, can user2 to user4 edit the same layer all at the same >> time? I'm currently using opengeosuite and editing is via the >> standard geoeditor shipped i the opengeosuite. >> >> >> >> -- >> cheers, >> maning >> ------------------------------------------------------ >> "Freedom is still the most radical idea of all" -N.Branden >> wiki: http://esambale.wikispaces.com/ >> blog: http://epsg4253.wordpress.com/ >> ------------------------------------------------------ >> > > > > -- > cheers, > maning > ------------------------------------------------------ > "Freedom is still the most radical idea of all" -N.Branden > wiki: http://esambale.wikispaces.com/ > blog: http://epsg4253.wordpress.com/ > ------------------------------------------------------ > -- cheers, maning ------------------------------------------------------ "Freedom is still the most radical idea of all" -N.Branden wiki: http://esambale.wikispaces.com/ blog: http://epsg4253.wordpress.com/ ------------------------------------------------------ ------------------------------------------------------------------------------ EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev _______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
