Definitions:
- Layer – a file that references a data source; because of this, access to both the Layer configuration and the Layer data has to be controlled
- Layer configuration – vector, raster, group or annotation layer properties. Layer configuration includes information from all Layer Properties tabs.
- Layer data – data stored in the data source that is referenced by a Layer. For a vector layer that is the business attributes and geometries (table records); for a raster layer it is the images stored on the server’s HDD.
- Resource – a file that is stored in Earthlight and is not linked to a data source, e.g. maps, styles, print templates, scripts, etc.
- Reference – a strong data source reference that controls both Layer configuration and Layer data permissions
- Link – a weak data source reference that controls only Layer configuration permissions
- Read – allows viewing Resource or Layer configuration information
- Write – allows modifying Resource or Layer configuration information
- List – allows listing folders and files (Resources and Layers) in all Earthlight file browsers
- Publish – allows file owners to publish their files (Resources and Layers) to a specific location
- View – allows viewing Layer data
- Edit – allows modifying Layer data
- Print – allows printing Layer data
- Export – allows exporting Layer data
- Own – represents the ownership of a file (Resource or Layer)
...
Earthlight uses a multi-tier permission model. This means that you can control access rights on any of the three levels shown above. To speed up and simplify access management, there is a group called ‘Everyone’, which contains all Earthlight users. Groups inherit permissions from the ‘Everyone’ entity. Users inherit permissions from groups.
Permissions:
Own
Own is the file ownership permission. This permission should be set by the system administrator on the repository root to allow them to set any kind of permission on any file. For newly created files (e.g. freshly referenced data source, created layers, designed maps, modified styles, etc.) the Own permission is applied to the user who created them.
...
Just like the previous one, this permission improves the granularity of data access and publishing. It controls all data export tools as well as all available formats within Earthlight. A user who tries to export data without the appropriate permission is shown a message informing them that they lack sufficient permissions.
Allow / Deny a permission:
Any permission can be either allowed or denied. Denying a permission on a file takes precedence over allowing it. Not setting a permission on a file in any way (either directly or via inheritance from the parent folder / group) is treated like denying it.
...
When a file is denied to an individual user at the folder level, it cannot be allowed for them directly at the file level. From the permission point of view, how close to the file a permission is applied is irrelevant.
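The rules above (deny beats allow, an unset permission counts as denied, and the closeness of the entry to the file is irrelevant), modelled as an added example; this is not Earthlight's own code. The entry format, paths, user names and group names are constructed, and applying the deny-wins rule across the user / group / ‘Everyone’ tiers is an assumption.

```python
from dataclasses import dataclass

ALLOW, DENY = "allow", "deny"

@dataclass(frozen=True)
class Entry:
    path: str        # folder or file the entry is set on (constructed format)
    principal: str   # user name, group name, or "Everyone"
    permission: str  # e.g. "List", "View", "Export"
    effect: str      # ALLOW or DENY

def ancestors(path):
    """Return the root, every parent folder, and the path itself."""
    parts = [p for p in path.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def effective(entries, user, groups, path, permission):
    """Resolve one permission for one user on one file or folder."""
    # Assumption: a user inherits from their groups and from 'Everyone',
    # and a deny on any of those tiers wins, as it does across folders.
    principals = {user, "Everyone", *groups}
    scope = set(ancestors(path))
    matching = [e.effect for e in entries
                if e.principal in principals and e.path in scope
                and e.permission == permission]
    if DENY in matching:          # deny wins wherever it was set
        return DENY
    return ALLOW if ALLOW in matching else DENY  # unset is treated as denied

# Constructed sample entries for illustration only.
ACL = [
    Entry("/", "Everyone", "List", ALLOW),
    Entry("/Assets", "Planning", "View", ALLOW),
    Entry("/Assets", "alice", "Export", DENY),         # folder-level deny
    Entry("/Assets/Pipes", "alice", "Export", ALLOW),  # cannot override it
    Entry("/Assets/Pipes", "Planning", "Export", ALLOW),
]

if __name__ == "__main__":
    for user in ("alice", "bob"):
        for perm in ("List", "View", "Export"):
            result = effective(ACL, user, ["Planning"], "/Assets/Pipes", perm)
            print(f"{user:5} {perm:6} -> {result}")
```
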
Permissions configuration
The ‘Shares’ tool protects all files in Earthlight. Since Resources are self-contained files, the ‘File control’ and ‘File ownership’ permissions apply to each of them independently. As mentioned earlier, the model for Layers is based on the Master – Link paradigm. This means that the ‘File control’ and ‘File ownership’ permissions act on them in a similar way to Resources, but the ‘Data control’ permission can only be applied in one place (on the Reference) for all users.
...
We cover each tab in detail next.
Manage shares
We can divide the ‘Manage Shares’ tab into 5 sections, which we describe below.
...
To find the locations of references for a particular table, type the name of the table in the box at the bottom right of the Shares window, or manually scroll the list to find the wanted table.
Permissions auditing
The next two tabs are extremely useful when auditing permissions. They allow Earthlight administrators to quickly determine:
- What resources a particular user has access to?
- What level of access the user has to each resource?
- Who has permission to a particular resource?
- What permissions are set on a resource?
Report permission by user
The ‘Report permissions by user’ tool returns all files and folders that the selected user has any permissions on. In essence, it answers the first two of the questions raised above.
...
Allows the report to be saved as a CSV file for further processing.
Report permission by resource tab
The ‘Report permissions by resource’ tool returns all users and groups that have permissions set on the selected file. It answers the last two questions raised earlier.
...