ACL Management
Access Control List (ACL) management in Spectrum Spatial is applied using Spectrum Spatial™ Manager or using the ACL REST API.
Spectrum Spatial™ Manager has settings for managing resource and dataset ACL and folder ACL. You can run ACL reports and manage which users have the spatial-sub-admin role. Each detailed page of each named resource in Spectrum Spatial™ Manager has a permissions tab to manage resource permissions.
Permissions to named resources, such as named tiles or named maps, propagate to the named resources that they reference, so a user with permission to render a map can also render the individual layers and get feature information from the table the layer references. Spectrum Spatial™ Analyst applies this when adding a map to a Named Map Project so that a user can turn individual layers on and off and get feature information from the table by clicking the map or performing a query.
The Settings tab in Spectrum Spatial™ Manager lets an administrator enable or disable the propagation of permissions to named tables. Spectrum Spatial™ Manager enables this feature by default for Spectrum Spatial™ Analyst to function correctly.
For more information, see using Spectrum Spatial™ Manager.
The ACL REST API has two categories of operations for managing ACL:
- Permissions operations: Return the permissions that apply to the user and the roles that the user belongs to. These operations do not manage ACL, and any user can apply them.
- Access Control List (ACL) operations: List, add, update, or remove ACL for named resources for users or roles. Only users who are a spatial-sub-admin or admin have the authorization to use these operations.
ACL operations propagate (recurs) permissions to dependent resources. Propagation always happens to layers, but propagation to tables is controlled by a flag when calling a service. Using Spectrum Spatial with client applications, such as Spectrum Spatial™ Analyst, applies this to render the layers that a map references and for permissions to query features for the tables that layers reference.
For more information, see The Access Control Service.