GeoServer Layer Management Guide

This guide walks you through the process of managing layers in GeoServer, including uploading layers, setting classification metadata, and configuring access rules.

Uploading and Managing Layers

Through the Web Interface

Log in to the GeoServer Web Interface
Navigate to Data > Layers
Click Add a new layer
Select your data source (nasa:blue_marble)
Configure the layer settings:
- Name and title
- Coordinate reference system
- Bounding box
- Coverage parameters and band details

Through the REST API

# Upload a new layer (example for Blue Marble)
curl -v -XPUT -H 'Content-type: text/plain' \
     -H "Authorization: Bearer $AUTH_TOKEN" \
     -d $GEOTIFF_PATH \
     map.$DF_HOST/geoserver/rest/workspaces/$WORKSPACE/coveragestores/$STORE/external.geotiff?configure=first\&coverageName=$LAYER_NAME

# List all layers
curl -H "Authorization: Bearer $AUTH_TOKEN" \
    http://map.$DF_HOST/geoserver/rest/layers

# Get layer details
curl -H "Authorization: Bearer $AUTH_TOKEN" \
    http://map.$DF_HOST/geoserver/rest/layers/$LAYER_NAME

Setting Classification Metadata

Users that have been given access to the layer administration page should be able to set a classification keyword on a layer. Users must take precaution to avoid setting an invalid classification, or setting multiple classifications on a layer. Failure to do so will put the layer in an invalid state that will require intervention from the SDL admin to correct. For more information, see the "Troubleshooting" section below.

Through the Web Interface

Navigate to Layers > [the layer to classify]
Under Keywords, create a new keyword for the classication:
- Type the layer classification into the New Keyword text box
- In the dropdown, select "English"
- Type "Classification" into the Vocabulary text box
Once all information has been inserted, click Add Keyword and confirm the classification appears under the Current Keywords field
Click Save at the bottom of the page.

Through the REST API

TBD

Troubleshooting

When a layer’s classification is misconfigured, the layer becomes invisible to end users. Once a layer is in this state, a user will have to submit a ticket to SDL support for to recover the layer. The ticket should be titled "Suspected Layer Classification Misconfiguration" and should include the following information:

The name of the layer
The desired classification level of the layer
An email used to alert the user that the request has been fulfilled

Configuring Layer Access Rules

Through GeoFence UI

Navigate to Security > GeoFence Data Rules
Click Add New Rule
Configure the rule:
- Select Priority
- Select the Role/User
- Select services and requests to allow/deny
- Select the workspace and layer
- Define access type (ALLOW, DENY, LIMIT)
- Save the rule

Through the REST API

# Create a new access rule (Example for ALLOW all)
curl -XPOST -H "Content-type: application/json" \
  -H "Authorization: Bearer $AUTH_TOKEN" \
  -d '{
      "Rule": {
      "priority":0,
      "userName":"*",
      "roleName":"*",
      "service":"*",
      "request":"*",
      "workspace":"*",
      "layer":"*",
      "access":"ALLOW"
    }
  }' \
  http://map.$DF_HOST/geoserver/rest/geofence/rules

# List all rules
curl -H "Authorization: Bearer $AUTH_TOKEN" \
  http://map.$DF_HOST/geoserver/rest/geofence/rules

# Update an existing rule. Unspecified fields remain unchanged
curl -XPOST -H "Content-type: application/json" \
  -H "Authorization: Bearer $AUTH_TOKEN" \
  -d '{
    "rule": {
      "roleName": "$ROLE_NAME"
      "layer": "$LAYER_NAME",
      "access": "DENY",
    }
  }' \
  http://map.$DF_HOST/geoserver/rest/geofence/rules/id/$RULE_ID