[mapguide-users] Security restrictions on layers functionality

Trevor Wekel trevor_wekel at otxsystems.com
Mon Jan 4 10:05:21 EST 2010


The security model in MapGuide does support layer permissions based on users/groups.  However, I do not believe the ramifications of permissions on layers, feature sources, and  maps has been fully considered.  If a permission denied error on a layer or a feature source simply removed the layer(s) from map, a single map supporting a wide range of groups/roles could be created.

This would be an excellent enhancement to MapGuide.  I believe an RFC should be written to capture all the details on how permissions should affect display of maps.  I expect there will be some code changes required in both viewers and the mapagent to successfully implement this enhancement.  This would likely be a small to medium development effort (one week, maybe two)

I have a couple of other ideas for RFCs in this realm as well:


-          Role based display of menu items and tool bar buttons.  This would allow MapGuide to "autoconfigure" itself when a user logs in.  This would take significantly more time to implement due to authoring and schema changes required.

-          LDAP/Active Directory integration.  This would allow MapGuide to authenticate (username/password) and authorize (user/group/role) against corporate security infrastructure.  I can't take credit for this idea.  It was discussed during my time at Autodesk.  This would also be a longer term project.

If there is positive response from the list, I would be happy to take these on if funding can be found.  Please keep in mind that funding can also come from multiple sources.  This is one of the advantages of open source.  A single company does not have to bear the entire financial burden.

Thanks,
Trevor


From: mapguide-users-bounces at lists.osgeo.org [mailto:mapguide-users-bounces at lists.osgeo.org] On Behalf Of Martin Morrison
Sent: January 4, 2010 6:31 AM
To: MapGuide Users Mail List
Subject: RE: [mapguide-users] Security restrictions on layers functionality

Create two maps, one with the secured layers, one without.  The client only gets the secured map after login...

Martin

From: mapguide-users-bounces at lists.osgeo.org [mailto:mapguide-users-bounces at lists.osgeo.org] On Behalf Of Nick Sebastyan
Sent: Monday, January 04, 2010 3:49 AM
To: MapGuide Users Mail List
Subject: [mapguide-users] Security restrictions on layers functionality

Greetings all,

I was wondering if the functionality to restricted layers has been implemented because when i try to put restrictions on a layer when i try to view the map in a browser i get a "Permission denied to resource: Library://Samples/Sheboygan/Layers/Districts.LayerDefinition" error.

What i mean by functionality is the map to be displayed without the restricted layers instead of getting an error page.

Thanks.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/mapguide-users/attachments/20100104/9a159c65/attachment.html


More information about the mapguide-users mailing list