Roles¶
GeoServer roles are keys associated with performing certain tasks or accessing particular resources. Roles are assigned to users and groups, authorizing them to perform the actions associated with the role. A GeoServer role includes the following:
- Role name
- Parent role
- Set of key/value pairs
GeoServer roles support inheritance—a child role inherits all the access granted to the parent role. For example, suppose you have one role named ROLE_SECRET
and another role, ROLE_VERY_SECRET
, that extends ROLE_SECRET
. ROLE_VERY_SECRET
can access everything ROLE_SECRET
can access, but not vice versa.
Key/value pairs are implementation-specific and may be configured by the role service the user or group belongs to. For example, a role service that assigns roles based on employee organization may wish to associate additional information with the role such as Department Name.
Geoserver has a number of system roles, the names of which are reserved. Adding a new GeoServer role with reserved name is not permitted.
ROLE_ADMINISTRATOR
—Provides access to all operations and resourcesROLE_GROUP_ADMIN
—Special role for administrating user groupsROLE_AUTHENTICATED
—Assigned to every user authenticating successfullyROLE_ANONYMOUS
—Assigned if anonymous authentication is enabled and user does not log on