Security Model Overview
A user is an account assigned to an individual person which the person uses to authenticate to Spectrum™ Technology Platform, either to one of the client tools such as Enterprise Designer or Spectrum Management Console, or when calling a service through web services or the API. An administrator creates a user in the Management Console. A user may have one or more roles assigned to them.
- Predefined roles are present when you install Spectrum. These confer certain default permissions to users who belong to them. The permissions for these roles cannot be changed.
- Custom roles are defined by the administrator (admin) in the Management Console with specific permissions.
- secured entity type is a category of items to grant or deny access to. An example of this is the secured entity type called "Dataflows" controls the default permissions for all dataflows on the system. Only roles are granted permissions on secured entity types. Permission is set when editing a role on the Roles tab in the Management Console.
- secured entity is a specific item within a category to grant Access Control List (ACL) for. An example of this would be specific dataflow jobs. You can grant permissions on secured entities to both roles and users on the Access Control tab in the Management Console.
There are preset permission types for the Spectrum™ Technology Platform and preset permission types that install with each Spectrum module.
Security and Spectrum Spatial
Spectrum Spatial secured entities are individual named resources, such as maps, layers and tables, that are managed within the Spectrum Spatial™ Manager. To grant users or roles permissions for entities at the platform level or for other modules, use the settings in the Management Console under the Access Control tab.
- Roles tab: to grant platform-wide permission to roles, which includes two secured entity types that apply to Spectrum Spatial called “Location Intelligence – Named Resources” and “Location Intelligence – Dataset.DML”. If you assign a role with these permissions, it overrides the permissions that are set in the Spectrum Spatial™ Manager or via the Spectrum Spatial REST API.
- Access Control tab: to set permissions to individual named resources under the “Location Intelligence – Named Resources” and “Location Intelligence – Dataset.DML” entities. Making changes here overrides permissions set in Spectrum Spatial.