I am not sure how this works with GeoFence (which offers much more control/complexity).
Please try with just a plain GeoServer. Please note that there are two separate things: 1. Granting a user GROUP_ADMIN allows the use of the user administration screen in geoserver web admin console thing 2. Granting a user r/w/a access for a workspace grants ability to use the data management pages in the web admin console Granting a user ADMIN access unlocks everything ... -- Jody Garnett On Thu, Feb 23, 2023 at 7:20 AM Paul Wittle < paul.wit...@dorsetcouncil.gov.uk> wrote: > Hi Jody, > > > > That is interesting but oddly not working for me in my current use case > which is strange. If I give a user ADMIN and GROUP_ADMIN it all works > nicely but if I give a user GROUP_ADMIN and then a specific role granting > admin to a particular workspace they are not able to log in at all. > > > > I suspect it is something to do with my lack of understanding of the > GeoFence permissions and I’m going on some training in the future I hope so > probably just me doing something wrong but good to know the user case has > been investigated. > > > > Paul > > > > *From:* Jody Garnett <jody.garn...@gmail.com> > *Sent:* 23 February 2023 14:31 > *To:* Paul Wittle <paul.wit...@dorsetcouncil.gov.uk> > *Cc:* geoserver-users@lists.sourceforge.net > *Subject:* Re: [Geoserver-users] Question about administrative access > > > > Yes, this of the GROUP_ADMIN role. Specifically created for “team leads” > to many the team members with access to their workspace. > > > > Also note you can grant admin permission to a workspace or layer. This > allows users ability to manage data publication in that workspace or layer. > > > > REST API has its own permissions if you would like to provide access to > scripts or tools like GeoCat bridge for remote management. > > > > On Thu, Feb 23, 2023 at 1:54 AM Paul Wittle via Geoserver-users < > geoserver-users@lists.sourceforge.net> wrote: > > Morning, > > > > I’ve been looking at the security in GeoServer and I know this is quite a > complex area. I can see that you can assign users / roles the ADMIN > permission in both the out of the box GeoServer and also within the > GeoFence extension but this always seems to be tied to a workspace. > > > > Is there a way to give a user admin rights to manage users without giving > them instant access to all the other functions in the admin UI? > > > > I’d like to make it so that some users can assign other users to roles / > groups but pretty much limit their access to just that. So for example I > don’t want them to be able to switch on and off the WMS service or change > the logging profile but I do want them to be able to assign “Jeff” to see > “highways data”. > > > > At present I’m thinking the only way of doing it would be to create a very > simple UI and point it at the REST endpoints as I can’t see that it is > possible in the normal UI or documentation but I thought I’d ask in case > anyone else has ever tried it? > > > > I will carry on searching and thank you for the recent updates to deal > with CVE issues. I know people put a lot of effort in to the project and I > know I am really grateful for this amazing product being available open > source! > > > > Cheers, > > Paul > > This e-mail and any files transmitted with it are intended solely for the > use of the individual or entity to whom they are addressed. It may contain > unclassified but sensitive or protectively marked material and should be > handled accordingly. Unless you are the named addressee (or authorised to > receive it for the addressee) you may not copy or use it, or disclose it to > anyone else. If you have received this transmission in error please notify > the sender immediately. All traffic may be subject to recording and/or > monitoring in accordance with relevant legislation. Any views expressed in > this message are those of the individual sender, except where the sender > specifies and with authority, states them to be the views of Dorset > Council. Dorset Council does not accept service of documents by fax or > other electronic means. Virus checking: Whilst all reasonable steps have > been taken to ensure that this electronic communication and its attachments > whether encoded, encrypted or otherwise supplied are free from computer > viruses, Dorset Council accepts no liability in respect of any loss, cost, > damage or expense suffered as a result of accessing this message or any of > its attachments. For information on how Dorset Council processes your > information, please see www.dorsetcouncil.gov.uk/data-protection > > _______________________________________________ > Geoserver-users mailing list > > Please make sure you read the following two resources before posting to > this list: > - Earning your support instead of buying it, but Ian Turton: > http://www.ianturton.com/talks/foss4g.html#/ > - The GeoServer user list posting guidelines: > http://geoserver.org/comm/userlist-guidelines.html > > If you want to request a feature or an improvement, also see this: > https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer > > > Geoserver-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-users > > -- > > -- > > Jody Garnett > This e-mail and any files transmitted with it are intended solely for the > use of the individual or entity to whom they are addressed. It may contain > unclassified but sensitive or protectively marked material and should be > handled accordingly. Unless you are the named addressee (or authorised to > receive it for the addressee) you may not copy or use it, or disclose it to > anyone else. If you have received this transmission in error please notify > the sender immediately. All traffic may be subject to recording and/or > monitoring in accordance with relevant legislation. Any views expressed in > this message are those of the individual sender, except where the sender > specifies and with authority, states them to be the views of Dorset > Council. Dorset Council does not accept service of documents by fax or > other electronic means. Virus checking: Whilst all reasonable steps have > been taken to ensure that this electronic communication and its attachments > whether encoded, encrypted or otherwise supplied are free from computer > viruses, Dorset Council accepts no liability in respect of any loss, cost, > damage or expense suffered as a result of accessing this message or any of > its attachments. For information on how Dorset Council processes your > information, please see www.dorsetcouncil.gov.uk/data-protection >
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
