subject:"\[Geoserver\-users\] What's the purpose of ROLE_GROUP

Re: [Geoserver-users] What's the purpose of ROLE_GROUP_ADMIN?

2021-03-10 Thread Jody Garnett

It unlocks the user management screens.

It is intended (for example) to be given to a team lead so they can setup
new team members. This role allows management of users without having
access to all the admin screens.

Jody

On Tue, Mar 9, 2021 at 6:57 AM Peter Smythe  wrote:

> Hi all
>
> According to
> https://docs.geoserver.org/stable/en/user/security/usergrouprole/roles.html,
> there are 4 reserved role names:
>
>
>-
>
>ROLE_ADMINISTRATOR—Provides access to all operations and resources
>-
>
>ROLE_GROUP_ADMIN—Special role for administrating user groups
>-
>
>ROLE_AUTHENTICATED—Assigned to every user authenticating successfully
>-
>
>ROLE_ANONYMOUS—Assigned if anonymous authentication is enabled and
>user does not log on
>
> I understand and have used these, except for ROLE_GROUP_ADMIN.
>
> *(I have also configured the workspace/layer level admin mode in Layer
> Security (ref:
> https://docs.geoserver.org/latest/en/user/security/layer.html#access-modes
> )
> which gives a user access to the configuration of the specified workspace,
> and I believe this has nothing to do with ROLE_GROUP_ADMIN )*
>
> When I configure a test user with ROLE_GROUP_ADMIN:
>
> [image: image.png]
>
> I see that the *Administrator for groups* combo box is greyed out - is
> that correct?  Should I be able to select which of multiple groups this
> user can administer?
>
> And when this user logs into the web admin interface, they get no
> additional functionality:
>
> [image: image.png]
>
> Can someone please explain to me how this "Special role for administrating
> user groups" works?  Is it only applicable to the REST interface?
>
> Thank you
>
> Peter
>
>
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
-- 
--
Jody Garnett
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

[Geoserver-users] What's the purpose of ROLE_GROUP_ADMIN?

2021-03-09 Thread Peter Smythe

Hi all

According to
https://docs.geoserver.org/stable/en/user/security/usergrouprole/roles.html,
there are 4 reserved role names:


   -

   ROLE_ADMINISTRATOR—Provides access to all operations and resources
   -

   ROLE_GROUP_ADMIN—Special role for administrating user groups
   -

   ROLE_AUTHENTICATED—Assigned to every user authenticating successfully
   -

   ROLE_ANONYMOUS—Assigned if anonymous authentication is enabled and user
   does not log on

I understand and have used these, except for ROLE_GROUP_ADMIN.

*(I have also configured the workspace/layer level admin mode in Layer
Security (ref:
https://docs.geoserver.org/latest/en/user/security/layer.html#access-modes
)
which gives a user access to the configuration of the specified workspace,
and I believe this has nothing to do with ROLE_GROUP_ADMIN )*

When I configure a test user with ROLE_GROUP_ADMIN:

[image: image.png]

I see that the *Administrator for groups* combo box is greyed out - is that
correct?  Should I be able to select which of multiple groups this user can
administer?

And when this user logs into the web admin interface, they get no
additional functionality:

[image: image.png]

Can someone please explain to me how this "Special role for administrating
user groups" works?  Is it only applicable to the REST interface?

Thank you

Peter
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] What's the purpose of ROLE_GROUP_ADMIN?

[Geoserver-users] What's the purpose of ROLE_GROUP_ADMIN?

2 matches

Site Navigation

Mail list logo

Footer information