Section : 1. GeoNode

Module : 1.10. Content Permissions

Permission Management

“GeoNode supports granular permission management of content for a variety of platform actions”

All content in GeoNode is access controlled using the internal permission management system. By default, many content types are publicly available for viewing purposes, but control over editing features is restricted to the content owner (which is typically the user who published it).

GeoNode allows for the management of permissions at the User and the User group level. User groups are collections of user accounts and will be covered in another training module. This module will focus on user-level permissions only.

During the upload process, GeoNode provides a variety of controls for controlling the permissions on content for each of the various action types as outlined below:

  • View: This defines who can view the content on the GeoNode platform
  • Download: This defines who can download the content from the GeoNode platform
  • Metadata: This defines who can edit and update the metadata for the uploaded content
  • Edit: This defines who can update, delete or change the existing permissions for the content item

Note that GeoNode also provides an "Anyone" checkbox for viewing and download permissions. When this is checked it means that an item is "public" and can be viewed or downloaded by users that are not authenticated with GeoNode (anonymous access). The edit and metadata management permissions require an authenticated user and so cannot be made public, therefore these sections do not contain the option to expose these functions publicly.

Read-only metadata will also automatically be available for any content that is available to a particular user, and the metadata permissions are for metadata editing and management only.

Edit permissions apply to the GeoNode content item and not the underlying data. Data editing permissions are available from the GeoNode interface, but they are exposed on the content details section and not the content upload portal.

You try:

Goal: To learn how to control access to content actions using GeoNode permissions

  • Find a partner to test permissions with. If you are working alone, you can utilize multiple accounts and test the relevant permissions independently
  • Upload a new data layer, map, or document and edit the permissions to ensure that the content is publicly available. Test this by signing out of GeoNode and attempting to access the content
  • Now try to create a layer, map, and document but edit the permissions so that only you and your partner's account have access to it. Try to access the content publicly and ensure that you don't have access. Check to see that your partner has access to the content, but cannot edit the object details or metadata.
  • Now try to create a new content item, but edit the permissions to ensure that your partner has access to the content metadata and that they can manage the object content. They should be able to modify the content details and even remove the item if they wish.
  • Check the content details page and look for the Change Permissions function in order to access advanced permissions controls

Check your results

Did you add metadata to your public layers or documents? Were you able to access the metadata with a public account?
When you shared content with your partner, did the permissions work as you intended, or did they have more or less control than you anticipated?
Did you find any unexpected behavior, such as removing content permissions for your own account?
Where you able to access the advanced permissions controls? Did you experiment with them and test the results?

More about content permissions

GeoNode content permissions are integrated with the GeoNode web services. This means that accessing the data from external applications can be authenticated with the GeoNode instance to control which data is available for specified users.

The GeoNode content editing permissions, however, do not give access to edit the underlying data. This is controlled via the advanced permissions controls available from the content details page. In addition, different content types have more controls based on the item type. For example, layers have style editing options and the ability to set GeoLimits, whereby a spatial data definition can be uploaded to define the particular extent which a GeoNode user or group has access to.

Check your knowledge:

  1. Which of the following statements best describes permission management in GeoNode:

    1. GeoNode has advanced permissions management because it uses Geoserver roles
    2. GeoNode permissions are granular and are defined by action and user or group
    3. GeoNode permissions define whether an item is public or not

  2. How can you change permissions once they are set:

    1. System administrators need to change the content permissions in the administration section
    2. Any user with content management permissions on a GeoNode object can change the permissions using the controls in the object details page
    3. Permissions are set in the item metadata

Further reading: