by David Crowther
Question:
How can you Publish just 1 Layer from your GeoServer Instance as a WFS Layer?
Answer:
Instead of providing everybody with full access to your GeoServer instance, you should ensure that you setup Users, Roles and Workspaces to limit data access for your clients.
Follow these steps below as an example that you can use:
1. Firstly, so that you can limit the Layers available to Users, create a new WORKSPACE – in this example we will call this TEST.
2. So that we can publish a Layer into the TEST Workspace, we will need to create a new STORE which uses the TEST WORKSPACE.
In this example we will create a Store pointing to a SQL Database.
3. Publish any Layers as needed into the Workspace e.g. Ancient Woodland
Using the Add Layers option, choose to Publish a Layer from the SQL_GeoStore_Test.
Find the table you wish to publish e.g. Ancient Woodland and Publish as needed…
4. Create a new ROLE – ROLE_TEST.
To set security and Data Access control for this layer, firstly create a new ROLE. In this example we will create a Role called ROLE_TEST.
5. Create a new USER – USER_TEST.
To provide Users with access to this Role and the associated Layers, next create a new USER e.g. USER_TEST, by detailing the Username and Password.
And in the Selected Roles list, ensure that you associate the new Role – ROLE_TEST with your new User.
6. Finally, we need to define the DATA access for the new ROLE – ROLE_TEST.
In the Security section of GeoServer choose Data and Add a New Rule.
Having chosen Add new rule, specify the details as follows:
- Workspace = TEST
- Layers = choose the List of Layers, or * for ALL Layers that you wish to provide access to – in this example we will choose just one layer e.g., Ancient Woodland
- Access = specify if the access to the layer(s) is Write or Read Only as needed
- Roles = associate the ROLE_TEST to this new rule
We have now successfully created a new Workspace, Role, User and Data Access Rule. Let’s now test this via a client application such as QGIS.
7. In QGIS choose Add WFS Connection and enter the details for the new WFS Connection.
- The URL will be the normal URL for your GeoServer instance, but with the new TEST Workspace Name within the URL - https://servername:8443/geoserver/Test/wfs
- Specify the login details for the new User (USER_TEST) that we created earlier.
- Once connected notice that the list of Layers will be restricted to those available to the new User (USER_TEST) in the new Workspace (TEST),… which in this case is just the layer called - Ancient Woodland.
8. Once we then add the WFS Layer into QGIS we can view the layer, make edits and write changes back to the source SQL GeoStore.
For example, if we use the edit tools we can reshape the boundary of the Ancient Woodland Layer.
… and pressing Save, will then write the change back via GeoServer to the source SQL table.
We have successfully now created a WFS Service for a client application, such as QGIS, where we can control the Layers that can be opened and whether that access is Read Only or Write Access. This gives you far greater control and security on your data layers!
Comments (0 comments)