Karsten D. *created* an issue

GeoServer / Bug GEOS-11072 ( https://osgeo-org.atlassian.net/browse/GEOS-11072 )
Catalog Mode CHALLENGE and Data security rules, more access than expected

Issue Type: Bug
Affects Versions: 2.22.3
Assignee: Unassigned
Components: Security
Created: 13/Jul/23 10:06 AM
Environment:

Windows 2019

Tomcat 9.0.73
Geoserver 2.22.3

Priority: Medium
Reporter: Karsten D.

Hello

I wanted to test a user setup, where one user will have admin control over one 
Workspace, but it seems like the user gets more access to edit than I expected.

The setup is as follows:

Catalog Mode = CHALLENGE (This is because we want to show all possible 
services and layers in our capability document)

User: TEST

Role: ROLE_TEST

Workspace that the user may edit and set up: Test

Data security rule is “Test.*.a” for “ROLE_TEST”

There is only the workspace, there is no datastore or anything added to it.

*When this is set up, and I log on with the user TEST, I am able to edit all 
current Workspaces, stores and layers on the Geoserver, to some degree, way 
more than the Data security rule should give the user access to. How can this 
be?*

If I set the Catalog Mode to “mixed” or “hide”, I see what is expected to be 
administrated by this user, the workspace.

It seems odd that the user has access to edit part of other workspaces, stores 
and layers that it was not given access to in the Data Security.

Do I misunderstand the functionality?

Best regards

Karsten
