Mapping Security
Data security
You may restrict access to mapping data on a workspace by workspace, or layer by layer basis:
- When editing a workspace, change to the Security tab to restrict access via role.
  The placeholder roles ADMIN, ROLE_AUTHENTICATED, ROLE_ANONYMOUS are often all that is needed, although you may define additional roles to match your corporate policies.
  Workspace security
  In the above example workspace access is restricted to authenticated users.
- To override the workspace security restrictions for an individual layer use the Layer editor and the Security tab.
  In the above example layer write is restricted to ADMIN users.
- Navigate to Security ❯ Data for an overview of all data restrictions.
  Data security overview
- The catalogue mode controls if layers are listed (in the GetCapabilities service description).
  As a performance optimization you may consider making use of CHALLENGE which quickly lists all content, but requires authorization when data contents are accessed.
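The workspace rule with a layer-level override described above, as an added example that is not part of the original page: a small Python audit of which layers a given set of roles can read or write. It assumes the rules are available as `workspace.layer.permission=roles` lines plus a `mode=` line for the catalogue mode; that text layout, the workspace and layer names, and the rule set are all assumptions constructed for illustration.

```python
# Added example: effective data-access rules, most specific rule wins.
# Constructed rule set; workspace "city" and its layers are hypothetical.
SAMPLE_RULES = """
mode=CHALLENGE
*.*.r=*
*.*.w=ROLE_AUTHENTICATED
city.*.r=ROLE_AUTHENTICATED
city.*.w=ROLE_AUTHENTICATED
city.roads.w=ADMIN
"""

def parse_rules(text):
    """Return (catalogue_mode, {(workspace, layer, perm): roles})."""
    mode, rules = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key.strip() == "mode":
            mode = value.strip().upper()
            continue
        # Assumes workspace and layer names contain no dots.
        ws, layer, perm = key.strip().split(".")
        rules[(ws, layer, perm)] = {r.strip() for r in value.split(",")}
    return mode, rules

def allowed_roles(rules, ws, layer, perm):
    """A layer rule overrides the workspace rule, which overrides the global one."""
    for key in ((ws, layer, perm), (ws, "*", perm), ("*", "*", perm)):
        if key in rules:
            return rules[key]
    return {"*"}  # assumption: no matching rule means unrestricted

def can(rules, user_roles, ws, layer, perm):
    """True if the user holds any role the effective rule lists ('*' = anyone)."""
    roles = allowed_roles(rules, ws, layer, perm)
    return "*" in roles or bool(roles & set(user_roles))

def audit(text, layers, user_roles=("ROLE_ANONYMOUS",)):
    """Return the catalogue mode and every (layer, perm) open to user_roles."""
    mode, rules = parse_rules(text)
    open_access = [(f"{ws}:{ly}", p) for ws, ly in layers for p in ("r", "w")
                   if can(rules, user_roles, ws, ly, p)]
    return mode, open_access

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, [("city", "roads"), ("osm", "parks")]))
```

Running the audit with anonymous roles after every rule change gives a quick check that a layer override has not left data readable or writable to unauthenticated users.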
Service security
Security can also be used to control access to specific web services:
- Navigate to Data ❯ Security to manage service restrictions.
  Service Security
  In the above example the WFS transaction operation, used to edit data, is restricted to authenticated users. The WFS create and drop stored query operations are limited to administrators.
- Services can also be disabled, for example by navigating to Services ❯ WPS and unchecking the enable checkbox.
  WPS Service enable/disable control
- Services can be selectively customized (including enabled/disabled) on a workspace by workspace basis.
  When editing a workspace, select the checkbox next to the service you wish to customize. Once saved, your customization is available to edit.
  Customize workspace services
- Services can be selectively enabled/disabled on a layer by layer basis when editing a layer, using the Publishing tab.
  Selectively enable services for a layer