ACL Management

Access Control List (ACL) management in Spectrum Spatial is applied using Spectrum Spatial™ Manager or using the ACL REST API.

Spectrum Spatial™ Manager has settings for managing resource and dataset ACL and folder ACL. You can run ACL reports and manage which users have the spatial-sub-admin role. Each detailed page of each named resource in Spectrum Spatial™ Manager has a permissions tab to manage resource permissions.

Permissions to named resources, such as named tiles or named maps, propagate to the named resources that they reference, so a user with permission to render a map can also render the individual layers and get feature information from the table the layer references. Spectrum Spatial™ Analyst applies this when adding a map to a Named Map Project so that a user can turn individual layers on and off and get feature information from the table by clicking the map or performing a query.

The Settings tab in Spectrum Spatial™ Manager lets an administrator enable or disable the propagation of permissions to named tables. Spectrum Spatial™ Manager enables this feature by default for Spectrum Spatial™ Analyst to function correctly.

For more information, see using Spectrum Spatial™ Manager.

The ACL REST API has two categories of operations for managing ACL:

• Permissions operations: Return the permissions that apply to the user and the roles that the user belongs to. These operations do not manage ACL, and any user can apply them.
  • List Dataset Permissions
  • List Folder Permissions
• Access Control List (ACL) operations: List, add, update, or remove ACL for named resources for users or roles. Only users who are a spatial-sub-admin or admin have the authorization to use these operations.
  • List ACL by Resource
  • List ACL by Folder
  • List ACL by Role
  • List ACL by User
  • List ACL by User and Role
  • Add Resource ACL
  • Add Dataset ACL
  • Add Folder ACL
  • Remove Resource ACL
  • Remove Dataset ACL
  • Remove Folder ACL
  • Update Dataset ACL

ACL operations propagate (recurs) permissions to dependent resources. Propagation always happens to layers, but propagation to tables is controlled by a flag when calling a service. Using Spectrum Spatial with client applications, such as Spectrum Spatial™ Analyst, applies this to render the layers that a map references and for permissions to query features for the tables that layers reference.

For more information, see The Access Control Service.