Service Level SecurityΒΆ

GeoServer allows access to be determined on a service level (WFS, WMS). Access to services are linked to roles. Services and roles are linked in a file called which is located in the security directory in your $geoserver_data folder (%geoserver_data% in Windows).


The syntax for setting security is as follows (parameters in brackets are optional):



  • service can be wfs, wms, or wcs
  • method can be any method supported by the service. (ie.: GetFeature for WFS, GetMap for WMS)
  • role[,role2,...] is the name(s) of predefined roles.

Service-level security and Layer level security cannot be combined. For example, it is not possible to specify access to a specific OGC service on one specific layer.

  1. From the Welcome page click the Services link on the Menu Security section.


    You have to be logged in as Administrator in order to activate this function.

  2. Click Add new rule in the top menu and enter the following configuration:

    • Select wms from Service combo box.
    • Select GetMap from method combo box.
    • Select the ROLE_WS created in previous section and pres the right arrow at the center of the window.

    The new role form

  3. Click the Save button.


    The Service access rules list

  4. Navigate to the Map Preview and try to show a layer with OpenLayers. You’ll find that it is inaccessible.

  5. Logout as admin and login as wsuser.

  6. Navigate to the Map Preview and try to show a layer with OpenLayers. Now the layers are accessible.