Here is what I can think of: You can set individual permissions per each workspace/layer combination, including the wildcard "*" for every layer on a specific workspace or "*.*" for every layer in every workspace.
For example: role "Editor" has edit access to "Area1".* (all layers of workspace "Area1") role "Analyst" has read access to "Area1"."potholes" (layer "potholes" of workspace "Area1") role "Admin" has admin access to "*"."*" (all layers ofall workspaces) So one might want to configure each WORKSPACE to implement different security directives. I find no reason to implement duplicated STOREs though. I also do not know the specific needs for INSPIRE compliance, so there might be something in the docs. The setup you describe seems to be unnecessarily complex. My opinion is that complexity is generally bad for security. By the way, upgrading your geoserver is also important for security. I didn't check, but I bet that there are a lot of security patches on top of 2.8.0. Best, Daniel Em 14/02/2017 13:07, dimmihel escreveu: > Hi list, > > I am in the process of cleaning / re-configuring a single Geoserver 2.8.0 > instance on an Ubuntu 14.04 machine. > > The current configuration publishes only vector data and has approximately > 100 workspaces and each workspace collects data from a different data stores > (i.e. 100 data stores) and each workspace publishes only one layer for each > data store (i.e. 100 layers published). > > The thing that I cannot understand is that although there are 100 data > stores *ALL* of them connect to the same remote database server (PostgreSQL > 9.4), using the same schema in the database server, and using the same user > credentials. I was told that at the time of installation (~1.5 years ago) > the person responsible backed this up with evidence (unfortunately not > documented) suggesting that such a setup ensures INSPIRE compliance for the > published data and security is increased. > > My understanding was that a new data store would be created if data which > needs to be published were stored in a different format / structure (i.e. > publishing a shape file and a table in the same geoserver instance requires > two stores or publishing two tables in different schema requires two stores > and so on.) > > Can you think of any reason why would someone have multiple data stores > connecting to the same source? > > Regards, > D. > > > > -- > View this message in context: > http://osgeo-org.1560.x6.nabble.com/Geoserver-data-stores-tp5307897.html > Sent from the GeoServer - User mailing list archive at Nabble.com. > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > Geoserver-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/geoserver-users > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
