data.rst 2.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960
  1. .. _security_webadmin_data:
  2. Data
  3. ====
  4. This section provides access to security settings related to data management and :ref:`security_layer`. Data access is granted to roles, and roles are granted to users and groups.
  5. Rules
  6. -----
  7. There are two rules available by default, but they don't provide any restrictions on access by default. The first rule ``*.*.r``, applied to all roles, states that any operation in any resource in any workspace can be read. The second rule, ``*.*.w``, also applied to all roles, says the same for write access.
  8. .. figure:: images/data_rules.png
  9. :align: center
  10. *Rules for data access*
  11. Clicking an existing rule will open it for editing, while clicking the :guilabel:`Add a new rule` link will create a new rule.
  12. .. figure:: images/data_newrule.png
  13. :align: center
  14. *Creating a new rule*
  15. .. figure:: images/data_lgrule.png
  16. :align: center
  17. *Editing a layer group rule*
  18. .. list-table::
  19. :widths: 40 60
  20. :header-rows: 1
  21. * - Option
  22. - Description
  23. * - Global layer group rule
  24. - If checked, switches the editor to create/edit a rule about a global layer group (and will remove the layer configuration as a result)
  25. * - Workspace
  26. - Sets the allowed workspace for this rule. Options are ``*`` (all workspaces), or the name of each workspace.
  27. * - Layer and groups
  28. - Sets the allowed layer/groups for this rule. Options are ``*`` (all layers/groups in the chosen workspace), or the name of each layer in the above workspace. Will be disabled until the workspace is set.
  29. * - Access mode
  30. - Specifies whether the rule refers to either ``Read`` or ``Write`` mode
  31. * - Grant access to any role
  32. - If selected, the rule will apply to all roles, with no need to specify
  33. * - Role list
  34. - Full list of roles, including a list of roles to which the rule is associated. Association can be toggled here via the arrow buttons. This option is not applied if :guilabel:`Grant access to any role` is checked.
  35. * - Add a new role
  36. - Shortcut to adding a new role
  37. Catalog Mode
  38. ------------
  39. This mode configures how GeoServer will advertise secured layers and behave when a secured layer is accessed without the necessary privileges. There are three options: :guilabel:`HIDE`, :guilabel:`MIXED`, and :guilabel:`CHALLENGE`. For further information on these options, please see the section on :ref:`security_layer`.
  40. .. figure:: images/data_catalogmode.png
  41. :align: center
  42. *Catalog mode*