Hi, I guess that those who are not allowed to DELETE are not allowed to UPDATE either, or would it be acceptable to update all attributes into nulls?
-Jukka Rahkonen- Lähettäjä: Jody Garnett <jody.garn...@gmail.com> Lähetetty: maanantai 22. kesäkuuta 2020 10.58 Vastaanottaja: michael-haer...@telekom.de Kopio: GeoServer Users <Geoserver-users@lists.sourceforge.net> Aihe: Re: [Geoserver-users] Restricting WFS-T to certain Transactions The security module is on <service><operation> basis ... and those are all part of the same "WFS.Transaction" operation :P So this would be a new feature request. -- Jody Garnett On Thu, 18 Jun 2020 at 02:50, <michael-haer...@telekom.de<mailto:michael-haer...@telekom.de>> wrote: Dear List, we currently offer some layers to our users via WFS-T which works quite well but now they requested that only some users are allowed to delete features of a layer and some other may only read and write and others may only read. While I can easily offer solutions for keeping read and write/delete operations separate I have no idea how to separate write and delete if at the same time I need to stick to WFS-T. I consulted the geofence documentation and found write CQL rules and indeed found fine-grained access controls but I didn’t find any solution to restrict access to certain WFS-T operations which are only distinguishable by parsing the contents of the XML body in the WFS-T request. Did I miss something? Can somebody tell me if there is a solution in geofence or does anybody have a different solution based on WFS-T? (I searched the mailing list archive for a solution first but my search for “WFS-T” “write” and “delete” gave me more than 65.000 hits which I could not read all). Thank you very much for your help and ideas, Michael Härtel Deutsche Telekom IT GmbH Technology Solutions Michael Härtel GIS-mobile Oberkasseler Strasse 2, 53227 Bonn, Germany +49 228 18149623 (Phone) E-Mail: michael.haer...@t-systems.com<mailto:michael.haer...@t-systems.com> Internet: www.telekom.com<http://www.telekom.com/> Life is for sharing. You can find the obligatory information on www.telekom.com/compulsory-statement-dtit<http://www.telekom.com/compulsory-statement-dtit> Big changes start small – conserve resources by not printing every e-mail. Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. Any dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you. _______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net<mailto:Geoserver-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/geoserver-users
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
