ACL Management

Access Control List (ACL) management in Spectrum Spatial is applied using Spectrum Spatial Manager or using the ACL REST API.

Spectrum Spatial Manager has settings for managing resource and dataset ACL and folder ACL. You can run ACL reports and manage which users have the spatial-sub-admin role. Each detailed page of each named resource in Spectrum Spatial Manager has a permissions tab to manage resource permissions.

Permissions to named resources, such as named tiles or named maps, propagate to the named resources that they reference, so a user with permission to render a map can also render the individual layers and get feature information from the table the layer references. Spectrum Spatial Analyst applies this when adding a map to a Named Map Project so that a user can turn individual layers on and off and get feature information from the table by clicking the map or performing a query.

The Settings tab in Spectrum Spatial Manager lets an administrator enable or disable the propagation of permissions to named tables. Spectrum Spatial Manager enables this feature by default for Spectrum Spatial Analyst to function correctly.

For more information, see using Spectrum Spatial Manager.

The ACL REST API has two categories of operations for managing ACL:

• Permissions operations: Return the permissions that apply to the user and the roles that the user belongs to. These operations do not manage ACL, and any user can apply them.
  • List Dataset Permissions
  • List Folder Permissions
• Access Control List (ACL) operations: List, add, update, or remove ACL for named resources for users or roles. Only users who are a spatial-sub-admin or admin have the authorization to use these operations.
  • List ACL by Resource
  • List ACL by Folder
  • List ACL by Role
  • List ACL by User
  • List ACL by User and Role
  • Add Resource ACL
  • Add Dataset ACL
  • Add Folder ACL
  • Remove Resource ACL
  • Remove Dataset ACL
  • Remove Folder ACL
  • Update Dataset ACL

ACL operations propagate (recurs) permissions to dependent resources. Propagation always happens to layers, but propagation to tables is controlled by a flag when calling a service. Using Spectrum Spatial with client applications, such as Spectrum Spatial Analyst, applies this to render the layers that a map references and for permissions to query features for the tables that layers reference.

For more information, see The Access Control Service.