Managing Roles Services and RolesΒΆ

A role service provides the following information for roles:

  • List of roles
  • Calculation of role assignments for a given user
  • Mapping of a role to the system role ROLE_ADMINISTRATOR
  • Mapping of a role to the system role ROLE_GROUP_ADMIN

When a user/group service loads information about a user or a group, it delegates to the role service to determine which roles should be assigned to the user or group.

A default service is available in standard GeoServer installation.

Additional services can be configured, if needed, but unlike user/group services, only one role service is active at any given time.

Two different types of services are available: one using xml files to store data about roles and another one using a database.

We will now add a role to the default service:

  1. From the Welcome page click the Users, Groups, Roles link on the Menu Security section.

    ../_images/UsersGroupsRolesFullScreen.png

    The Main page for managing Users, Group and Roles.

  2. Add more Roles to default role service accessing to the roles page clicking on the role name, then click on the second tab called Roles.

  3. Click on Add new button for add one more Role.

    ../_images/role1.png

    Insert testrole in the Name text field.

  4. Click Save to create the new role.

The new role can be assigned to a user:

  1. From the Welcome page click the Users, Groups, Roles link on the Menu Security section.

  2. Click on the tab called Users/Groups.

  3. Click on a username of your choice.

  4. Select the testrole element in the Available list of the Roles taken from active role service: default menu

  5. Click the arrow right button to add the element to the Selected list

    ../_images/role2.png
  6. Click Save to bind the new role to the user.

Now you can use the role to limit access to Services or Layers.