Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
siwei
/
web-server
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Branch: master
Branches Tags
web-server
/
doc
/
en
/
user
/
source
/
security
/
webadmin
/
data.rst

data.rst 2.4 KB
Permalink Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. .. _security_webadmin_data:
    2. 

  2. 

  3. Data
    4. 

  4. ====
    5. 

  5. 

  6. This section provides access to security settings related to data management and :ref:`security_layer`. Data access is granted to roles, and roles are granted to users and groups.
    7. 

  7. 

  8. Rules
    9. 

  9. -----
    10. 

  10. 

  11. There are two rules available by default, but they don't provide any restrictions on access by default. The first rule ``*.*.r``, applied to all roles, states that any operation in any resource in any workspace can be read. The second rule, ``*.*.w``, also applied to all roles, says the same for write access.
    12. 

  12. 

  13. .. figure:: images/data_rules.png
    14. 

  14.    :align: center
    15. 

  15. 

  16.    *Rules for data access*
    17. 

  17. 

  18. Clicking an existing rule will open it for editing, while clicking the :guilabel:`Add a new rule` link will create a new rule.
    19. 

  19. 

  20. .. figure:: images/data_newrule.png
    21. 

  21.    :align: center
    22. 

  22. 

  23.    *Creating a new rule*
    24. 

  24.    
    25. 

  25. .. figure:: images/data_lgrule.png
    26. 

  26.    :align: center
    27. 

  27. 

  28.    *Editing a layer group rule*
    29. 

  29.    
    30. 

  30. 

  31. .. list-table:: 
    32. 

  32.    :widths: 40 60 
    33. 

  33.    :header-rows: 1
    34. 

  34. 

  35.    * - Option
    36. 

  36.      - Description
    37. 

  37.    * - Global layer group rule
    38. 

  38.      - If checked, switches the editor to create/edit a rule about a global layer group (and will remove the layer configuration as a result)
    39. 

  39.    * - Workspace
    40. 

  40.      - Sets the allowed workspace for this rule. Options are ``*`` (all workspaces), or the name of each workspace.
    41. 

  41.    * - Layer and groups
    42. 

  42.      - Sets the allowed layer/groups for this rule. Options are ``*`` (all layers/groups in the chosen workspace), or the name of each layer in the above workspace. Will be disabled until the workspace is set.
    43. 

  43.    * - Access mode
    44. 

  44.      - Specifies whether the rule refers to either ``Read`` or ``Write`` mode
    45. 

  45.    * - Grant access to any role
    46. 

  46.      - If selected, the rule will apply to all roles, with no need to specify
    47. 

  47.    * - Role list
    48. 

  48.      - Full list of roles, including a list of roles to which the rule is associated. Association can be toggled here via the arrow buttons. This option is not applied if :guilabel:`Grant access to any role` is checked.
    49. 

  49.    * - Add a new role
    50. 

  50.      - Shortcut to adding a new role
    51. 

  51. 

  52. Catalog Mode
    53. 

  53. ------------
    54. 

  54. 

  55. This mode configures how GeoServer will advertise secured layers and behave when a secured layer is accessed without the necessary privileges. There are three options:  :guilabel:`HIDE`, :guilabel:`MIXED`, and :guilabel:`CHALLENGE`. For further information on these options, please see the section on :ref:`security_layer`.
    56. 

  56. 

  57. .. figure:: images/data_catalogmode.png
    58. 

  58.    :align: center
    59. 

  59. 

  60.    *Catalog mode*
    61.