Spatial administrators and sub-administrators grant permissions on roles and users to access or edit individual named resources and folders in the Spectrum Spatial repository.
The Spectrum Technology Platform Management Console has settings for managing users and roles. There are two kinds of roles that are relevant to Spectrum Spatial:
- Predefined roles that are present when you install Spectrum. These confer certain default permissions to users who belong to them.
- Custom roles that an administrator (admin) creates. A custom role has no permissions until specified in the .
Predefined Spatial Roles
After you install the Spectrum Spatial, four predefined roles are available in the Spectrum Management Console: two roles grant admin related privileges to users so they can manage content in Spectrum Spatial (spatial-admin and spatial-sub-admin), and two roles override resource permissions normally assigned in (spatial-user and spatial-dataset-editor).
- spatial-admin
- The spatial-admin role has full permissions to see and manage (view, create, delete, modify, and set permissions on) all content within the Spectrum Spatial repository. This role can edit data sets associated with named tables using the Feature Service (insert, update, and delete methods).
- spatial-sub-admin
- The spatial-sub-admin role is similar to spatial-admin, but it cannot view all of the content within the Spectrum Spatial repository. This role views content in folders that it has read permission to. Users assigned to the spatial-sub-admin role must have permission to at least one folder.
- spatial-user
- The spatial-user role provides read permissions to all named resources in the Spectrum Spatial repository and overrides read permissions granted to named resources in . Do not assign users to this role if they require specific permissions.
- spatial-dataset-editor
- The spatial-dataset-editor role provides edit permissions (insert, update, and delete) to all datasets associated with named tables and overrides permissions granted to named tables in . Do not assign users to this role if they require specific permissions.
Dataflow designers who are creating data flows must have a designer role (which is preset in Management Console). This is in addition to any permissions to access named resources, which are assigned by making them a member of spatial-user (so they can see all resources) or by using to grant permissions on specific named resources. For instructions on creating a spatial dataflow designer, see Creating a Spatial Dataflow Designer.
Custom Spatial Roles and Access Control Settings
Access control in Spectrum Spatial is managed using custom roles assign to users, which simplifies managing multiple users. Roles have specific permissions set. A user inherits the permissions of the roles that they are assigned. To specify permissions for access to specific named resources, use .
There are three kinds of permissions to view, edit, or manage data in Spectrum Spatial. We suggest creating roles for the following scenarios to grant:
- Read-only access to maps, layers, and tables available to the entire organization.
Name this role GeneralAcces. All users may belong to this role, allowing any user in the organization to see these maps and layers.
- Read-only access to sensitive maps and layers.
Add specific users to this role. Other users would not be able to see this data.
- Edit access to named tables.
For example, you may have a table called Property Site Inspections that some users update, such as site inspectors who edit the data after visiting a property. You can grant edit permissions to this role and then assign your site inspectors to the role. Any other users viewing the table would not be able to edit the data.
- Write access to manage resources in a folder in the repository.
As an example, you might create a role called SalesManagers with write permission to a folder in the Spectrum repository called SalesData. You could assign the spatial-sub-admin and SalesManagers roles to one or two users in the sales department. These users would then be able to use and the Map Uploader utility to manage named resources in the SalesData folder.