[GeoNode-devel] Question about GeoNdoe Layer "view" and "download" permissions

Alessio Fabiani alessio.fabiani at geo-solutions.it
Thu Oct 20 04:07:20 PDT 2016

Dear all,
while working on this GNIP (GNIP: GeoServer A&A Improvements)


(which by the way has been updated allowing GeoNode and GeoServer to rely
on OAuth2 Protocol and GeoFence)

we are facing an "issue" trying to set layers' access rules accordingly to
GeoNode permissions.

Long story short, currently GeoNode allows a user to setup two different
kind of Layer access permissions:

1. View permissions (the Layer can be visualized on map and is listed on
the GeoNode layers list)

2. Download permissions (the Layer can be downloaded in several formats,
JPEG, PNG, PDF etc...)

While this is correctly handled on GeoNode side, I guess there are some
discrepancies on how this can be handled on the backend (GeoServer in this

The thing is, if you can download a layer on the backend you necessarily
have also permissions to see it. Unless view and download use different
protocols (which is not the case) to download a layer a user must have
permissions to access it.

That means that even if in GeoNode we remove view permissions to a layer
but we leave download ones, the Layer won't be listed in GeoNode but it
will be always accessible from GeoServer.

I'm going to ask here, is it correct to maintain this logic? Should be
instead put more controls on GeoNode and make view permissions take
precedence on download ones (if you cannot view it you cannot download it


Best Regards,
Alessio Fabiani.

GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.

Ing. Alessio Fabiani
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686




Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility  for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20161020/5204b143/attachment.html>

More information about the geonode-devel mailing list