<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; }--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p></p>
<div>Hi!</div>
<div><br>
</div>
<div>Users can have roles and roles are used to limit visibility of <span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px; background-color: rgb(255, 255, 255);">(registered OGC-service based)</span> layers. Having some of the layer content/features
shown based on the user is not supported, <br>
</div>
<div>but sure there's the option of publishing several layers from for example GeoServer (having different features visible using styling or creating different views to restrict feature data etc), register them to Oskari and assign role permissions for these
layers.<br>
</div>
<div><br>
</div>
<div>User imported datasets behave differently than layers registered from an external service. In theory, sharing an imported dataset to other users for viewing should work by having the user imported layer public (by publishing an embedded map that has the
layer) <span style="font-size: 12pt;">and creating a link that has said layer referenced in the mapLayers URL-parameter. Not very user-friendly but should work. In practice this doesn't seem to work</span><span style="font-size: 12pt;">: </span><a href="https://kartta.paikkatietoikkuna.fi/?zoomLevel=6&coord=429597.09783006145_7215094.224616284&mapLayers=base_35+100+default,userlayer_313+80+default" style="font-size: 12pt;">https://kartta.paikkatietoikkuna.fi/?zoomLevel=6&coord=429597.09783006145_7215094.224616284&mapLayers=base_35+100+default,userlayer_313+80+default</a><span style="font-size: 12pt;">
<- notice the userlayer_313 reference for imported dataset, but sadly only the basemap is present in the selected layers when opening the url.</span></div>
<div><br>
</div>
<div>The imported datasets are not encrypted or anything so an admin user CAN take specific actions to see ALL of the imported data as a single layer (by giving a permission for the "baselayer" of the functionality), <span style="font-size: 12pt;">but he/she
can't see individual users datasets as separate layers. Same goes for my places and analysis layers. Not sure if this answers your question.</span></div>
<div><br>
</div>
<div>The roles mapping for users that is used in Tampere geoportal is done using these saml-attribute mapper-classes currently included in Oskari: <br>
</div>
<div>https://github.com/oskariorg/oskari-server/tree/master/servlet-saml-config/src/main/java/fi/nls/oskari/spring/security/saml<br>
</div>
<div><br>
</div>
<div>A similar approach is used in paikkatietoikkuna.fi for user data (but not roles):<br>
</div>
<div><a href="https://github.com/nls-oskari/kartta.paikkatietoikkuna.fi/tree/master/server-extension/src/main/java/fi/nls/oskari/spring/security/preauth">https://github.com/nls-oskari/kartta.paikkatietoikkuna.fi/tree/master/server-extension/src/main/java/fi/nls/oskari/spring/security/preauth</a><br>
</div>
<div><br>
Both are based on the Spring Security framework. So if you have an external source for user data it can be integrated to Oskari to import the users. If the external user "database" have some data that can be used to determine what roles a given user should
have that can be integrated to Oskari as well. <span style="font-size: 12pt;">So yep, there's plenty of options :) I'm not sure what the goal is you are trying to achieve and if these answers help you with those questions. Ma</span><span style="font-size: 12pt;">ybe
you can elaborate a bit? Anyways, if you are mostly interested about permissions of the end-user imported datasets </span><span style="font-size: 12pt;">they use a different set of permissions than "normal" layers (a WMS-service
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px; background-color: rgb(255, 255, 255);">
or similar</span> registered as a layer to Oskari).</span></div>
<div><br>
</div>
<div>Happy easter everyone and best regards,<br>
</div>
<div> Sami<br>
</div>
<div><br>
</div>
<div style="color: rgb(33, 33, 33);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>Lähettäjä:</b> Oskari-user <oskari-user-bounces@lists.osgeo.org> käyttäjän puolestaSanna Jokela <sanna@gispo.fi><br>
<b>Lähetetty:</b> 29. maaliskuuta 2018 12:38<br>
<b>Vastaanottaja:</b> oskari-user@lists.osgeo.org<br>
<b>Kopio:</b> Linna Petri<br>
<b>Aihe:</b> [Oskari-user] Options for managing users and their content in Oskari</font>
<div> </div>
</div>
<div>
<div dir="ltr">Hello all!
<div><br>
</div>
<div>I received a question from Petri Linna (cc) about Oskari and user management. </div>
<div><br>
</div>
<div>What are the possibilities of Oskari and user management if one would need to restrict </div>
<div><br>
</div>
<div>a) different users to see different content (layers)</div>
<div>b) different users to see only selected features from one dataset</div>
<div><br>
</div>
<div><span style="color:rgb(34,34,34); font-family:arial,sans-serif; font-size:small; font-style:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; background-color:rgb(255,255,255); float:none; display:inline">Or
should this be done separately in e.g. GeoServer?</span> <br>
</div>
<div><br>
</div>
<div>Found only admin side functions (admins can see all added layers and decide which are openly visible in Oskari). </div>
<div><br>
</div>
<div>And when adding your own datasets, you can view them your self or publish them with published maps, but you can not share those datasets to other users. Is it still possible for admin to see these datasets as well?</div>
<div><br>
</div>
<div>Tampere has done lot of work on this and integrated their user roles into Oskari - does anybody know are there any source code available on this?</div>
<div><br>
</div>
<div>Thanks again!</div>
<div><br>
</div>
<div>
<div>Best regards,</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div style="font-size:small">Sanna Jokela</div>
<div><font size="1">paikkatietoasiantuntija</font></div>
<div><font size="1">Gispo Oy</font></div>
<div><font size="1">0407664607</font></div>
<div><font size="1"><a href="http://www.gispo.fi" target="_blank">www.gispo.fi</a> </font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>