Managing Permissions
Permissions in JMap are divided into two families: permissions for the users of applications (Pro, Web, NG and Survey) and permissions for the administrators (JMap Admin).
User permissions
User permissions determine what the users can do inside JMap Pro, JMap Web, and JMap Survey applications.
The following table presents the different permission groups that are available for the users.
User permissions |
|
Permissions on projects | See section Project Permissions for more information. |
Permissions on layers | See section Layer Permissions for more information. |
Permissions on personal layers | Create personal layers This permission gives a user the right to create personal layers in JMap Pro applications. By default, JMap users are not allowed to create personal layers. You can configure this permission in subsection Permissions of the JMap Server section. |
Permissions on forms | See section Database Forms for more information. |
Administrator permissions
Administrator permissions determine what JMap administrators are authorized to do in JMap Admin. Some permissions are global (permissions to do some tasks) while other permissions apply to specific resources.
Several of the global permissions are configured in the Permissions subsection of the JMap Server section.
The following table describes the global administration permissions.
Global administration permissions |
|
Access JMap Admin | This permission is required for an administrator to access JMap Admin. After the installation of JMap, only the administrator user has this permission. Note that the password is initially left empty for this user. It is strongly recommended to enter a password for the administrator user. See section Managing User Accounts and Groups for more information on modifying passwords. Also make sure to leave at least one user with this permission and with a known password. Otherwise, it will be impossible to access JMap Admin. |
Create database | This permission is required for an administrator to create new databases in JMap Admin. |
Create remote connection | This permission is required for an administrator to create new connections to remote JMap Server instances in JMap Admin. |
Create deployment | This permission is required for an administrator to create new application deployments in JMap Admin. |
Create metadata templates | This permission is required for an administrator to create new metadata templates in JMap Admin. |
Create style templates | This permission is required for an administrator to create new style templates in JMap Admin. |
Create project | This permission is required for an administrator to create new projects in JMap Admin. |
Create data source | This permission is required for an administrator to create new spatial data sources in JMap Admin. |
Administration permissions that are specific to resources determine what an administrator can do with each resource. The following table describes those permissions.
Resource specific administration permissions |
|
Access … | The administrator can view the detailed information of a resource and use the resource, but cannot modify it. Example: To use a spatial data source in order to create a layer, the administrator must at least have the Access permission on the data source. |
Administrate … | Allows the administrator to modify the resource and manage the user permissions for the resource. Does not allow the administrator to delete the resource or manage its administration permissions. Example: To add a layer in a project, the administrator must have the Administrate permission for the project. |
Use SQL console | (Applies only to databases) Allows the administrator to use the SQL console on the database. The SQL console is used to show the database structure and to execute SQL queries on the database. |
Remote access | Allows the administrator to access the resource from another instance of JMap Server. This permission is generally granted to a generic account used to open communication sessions between different instances of JMap Server. For more information, see sections Sharing Layers and Sharing Spatial Data Sources. |
Owners of a resource
Most resources managed in JMap Admin have one or more owners. Owners of a resource are the only ones that are allowed to:
manage administration permissions for the resource;
manage the list of owners for the resource;
delete the resource.
Super administrators
Super administrators are special accounts that can do everything in JMap Admin. They are the only ones who are allowed to:
manage the list of super administrators;
manage global administration permissions;
manage users and groups;
modify JMap Server’s working parameters;
display the log files;
import and export configurations.
You can manage the list of super administrators from subsection Permissions in section JMap Server. Select the Super administrators tab.
The following table presents administration tasks with examples, and indicates which profile or permission is required to perform each task.
Tasks | Super Administrator | Administrator |
Access JMap Admin | YES | If permission Access JMap Admin |
Manage the list of Super administrators | YES | NO |
Manage global administration permissions • Give an administrator permission to create projects • Remove an administrator’s permission to create spatial data sources • Give an administrator permission to create metadata templates for layers. | YES | NO |
Perform management tasks for JMap Server • Modify JMap Server’s working parameters (ports, memory, etc.) • Manage users and groups •Import and export JMap Server configurations • View log files or modify their settings | YES | NO Can change user account password |
Create a resource • Create a project • Create a database • Create an application deployment | YES | If permission Create … |
Use a resource • Use a database to create a spatial data source • Use a data source to create a layer • Use a connection to JMap Server to create a layer by reference | YES | If permission Access … |
View detailed information about a resource • Click on a database and view all of its parameters • Click on a project to view all of its parameters | YES | If permission Access … |
Modify a resource • Change the name of a project • Add a layer in a project • Modify the connection parameters for a database • Modify the projection of a spatial data source | YES | If permission Administrate … |
Delete a resource • Delete a project • Delete an application deployment • Delete a style template | YES | If owner of the resource |
Manage user permissions of a resource • Give a user permission to open a project • Give a user permission to edit the elements of a project layer • Remove a user’s permission to copy the data of a project layer | YES | If permission Administrate |
Manage the administrator permissions of a resource • Give an administrator permission to use a spatial data source • Give an administrator permission to modify a project • Remove an administrator’s permission to modify a database | YES | If owner of the resource |
Manage the list of owners of a resource | YES | If owner of the resource |
Permission reports
Permission reports allow you to view all the permissions that a user or a group has on a single report. A permission report is a convenient way to get the information without checking every resource. The reports are accessible from the Users and Groups tabs in the Users / Groups section, by clicking on .
Dernière mise à jour