[Oskari-user] Options for managing users and their content in Oskari

Mäkinen Sami (MML) sami.makinen at maanmittauslaitos.fi
Thu Mar 29 04:29:16 PDT 2018 

Hi!

Users can have roles and roles are used to limit visibility of (registered OGC-service based) layers. Having some of the layer content/features shown based on the user is not supported,
but sure there's the option of publishing several layers from for example GeoServer (having different features visible using styling or creating different views to restrict feature data etc), register them to Oskari and assign role permissions for these layers.

User imported datasets behave differently than layers registered from an external service. In theory, sharing an imported dataset to other users for viewing should work by having the user imported layer public (by publishing an embedded map that has the layer) and creating a link that has said layer referenced in the mapLayers URL-parameter. Not very user-friendly but should work. In practice this doesn't seem to work: https://kartta.paikkatietoikkuna.fi/?zoomLevel=6&coord=429597.09783006145_7215094.224616284&mapLayers=base_35+100+default,userlayer_313+80+default <- notice the userlayer_313 reference for imported dataset, but sadly only the basemap is present in the selected layers when opening the url.

The imported datasets are not encrypted or anything so an admin user CAN take specific actions to see ALL of the imported data as a single layer (by giving a permission for the "baselayer" of the functionality), but he/she can't see individual users datasets as separate layers. Same goes for my places and analysis layers. Not sure if this answers your question.

The roles mapping for users that is used in Tampere geoportal is done using these saml-attribute mapper-classes currently included in Oskari:
https://github.com/oskariorg/oskari-server/tree/master/servlet-saml-config/src/main/java/fi/nls/oskari/spring/security/saml

A similar approach is used in paikkatietoikkuna.fi for user data (but not roles):
https://github.com/nls-oskari/kartta.paikkatietoikkuna.fi/tree/master/server-extension/src/main/java/fi/nls/oskari/spring/security/preauth

Both are based on the Spring Security framework. So if you have an external source for user data it can be integrated to Oskari to import the users. If the external user "database" have some data that can be used to determine what roles a given user should have that can be integrated to Oskari as well. So yep, there's plenty of options :) I'm not sure what the goal is you are trying to achieve and if these answers help you with those questions. Maybe you can elaborate a bit? Anyways, if you are mostly interested about permissions of the end-user imported datasets they use a different set of permissions than "normal" layers (a WMS-service or similar registered as a layer to Oskari).

Happy easter everyone and best regards,
         Sami

________________________________
Lähettäjä: Oskari-user <oskari-user-bounces at lists.osgeo.org> käyttäjän puolestaSanna Jokela <sanna at gispo.fi>
Lähetetty: 29. maaliskuuta 2018 12:38
Vastaanottaja: oskari-user at lists.osgeo.org
Kopio: Linna Petri
Aihe: [Oskari-user] Options for managing users and their content in Oskari

Hello all!

I received a question from Petri Linna (cc) about Oskari and user management.

What are the possibilities of Oskari and user management if one would need to restrict

a) different users to see different content (layers)
b) different users to see only selected features from one dataset

Or should this be done separately in e.g. GeoServer?

Found only admin side functions (admins can see all added layers and decide which are openly visible in Oskari).

And when adding your own datasets, you can view them your self or publish them with published maps, but you can not share those datasets to other users. Is it still possible for admin to see these datasets as well?

Tampere has done lot of work on this and integrated their user roles into Oskari - does anybody know are there any source code available on this?

Thanks again!

Best regards,
--
Sanna Jokela
paikkatietoasiantuntija
Gispo Oy
0407664607
www.gispo.fi<http://www.gispo.fi>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/oskari-user/attachments/20180329/0d4b72ad/attachment.html>

More information about the Oskari-user mailing list