Access Control for Datasets
What is a Dataset?
A dataset is a collection of data values in a tabular form that typically consists of rows (or records) and columns. In the Location Intelligence Module, a dataset can take the form of a .TAB file, a shapefile, a GeoPackage file, or a JDBC-based table such as an MS SQL Server table.
Benefits of Dataset Access Control
Dataset access control allows administrators to disassociate the permissions of a named table from the editing permissions of the dataset that the named table points to. For example, as an administrator you can grant full editing (Create/Modify/Delete) permissions to a dataset while keeping read-only (View) permissions on the named table. When a user attempts to perform a data manipulation language (DML) operation (an insert, update, or delete operation using the Feature service or the Write Spatial Data stage), the user's permissions will be verified not only against the specified named table in the Location Intelligence.Named Resources entity type but also against the Location Intelligence.Dataset.DML entity type. If View permissions are denied, the named table will not appear in the user's repository.What is a Dataset Secured Entity?
When a named table is renamed, moved, or deleted, Spectrum Spatial will rename or delete the associated secured entity for the dataset.
Spatial Roles and Dataset Access
Roles are used to grant or deny access to different parts of the system and help make permissions management easier. Three predefined roles for users of the Location Intelligence Module are available in Management Console:
- spatial-admin
- The spatial-admin role provides full permissions (Create/View/Modify/Delete) for all named resources and datasets. A user with a spatial-admin role can view named resources as well as edit datasets.
- spatial-user
- The spatial-user role provides View permissions to named resources only. A user with a spatial-user role can view resources but cannot edit datasets.
- spatial-dataset-editor
- The spatial-dataset-editor role provides full permissions (Create/View/Modify/Delete) on datasets. For example, an administrator can easily grant full permissions to datasets by adding the spatial-dataset-editor role to a user who currently has the spatial-user role.
These predefined roles cannot be modified. You can, however, create custom roles based on the predefined spatial roles, assign them to user accounts, then fine-tune access on those roles and users by applying access control settings (overrides) to datasets, individual named resources, or folders containing named resources. See Configuring Access Control for more information.