The security module of the SuperMap service manager secures GIS services through role-based access control. Its "roles" page is used to view and manage all current roles in the GIS system. SuperMap GIS Server stores all roles. On this page the administrator can add, modify and delete roles, and click a role name to enter the role editing page. There you can view the role's basic information, service authorization information, and management function authorization information, and modify the role.
Built-in roles
The SuperMap GIS server provides the following built-in roles by default:
- ADMIN is the built-in system administrator role. By default this role has management authority over the entire SuperMap GIS server: it can log in to the service management server to configure services, security, the system cluster, etc. It should be used carefully. A user with the ADMIN role can add, edit, and delete other users associated with the ADMIN role. The system administrator created when the SuperMap GIS server is initialized has administrative permissions for the entire GIS server, including adding, modifying, and deleting users of the ADMIN role. The system administrator created during system initialization cannot be edited or deleted. If you forget the password, you can refer to the FAQ to reset the administrator.
- PUBLISHER is the built-in service publisher role (this role is not applicable to SuperMap iPortal). By default this role has permissions for service publishing and service instance management, such as publishing services, enabling/disabling service instances, and adding, modifying, or deleting service providers, service components, service interfaces, and so on.
- NO PASSWORD corresponds to third-party login users, including QQ, Weibo, CAS accounts, etc., which are not stored by the SuperMap GIS server. These users cannot change their password through the GIS server.
- UNAUTHORIZED is an unlicensed user role. It is used together with NO PASSWORD, primarily for third-party login user groups.
- DATA_CENTER is a built-in SuperMap iPortal data uploader role, with permissions to upload data and publish services. The role cannot be associated with the ADMIN and PORTAL_VIEWER roles.
- PORTAL_USER is a built-in SuperMap iPortal normal user role, with permissions to use the iPortal portal, including using, creating, and sharing portal resources.
- PORTAL_VIEWER is a built-in SuperMap iPortal viewer role, with permission to view resources shared with iPortal, such as maps, services, scenes, applications, data resources, etc. Users associated with the viewer role cannot create or manage resources on their own; for example, they cannot register services, create maps, create groups, upload data, and so on. Users with a user type of viewer can only be associated with the PORTAL_VIEWER role.
In addition, the SuperMap GIS server has a built-in SYSTEM role. This role is the system administrator created when the server is initialized. It has management authority over the entire GIS server and cannot be assigned to other users.
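The built-in role rules listed above can be checked periodically against a list of users and their roles. The following is an added example, not SuperMap code or a SuperMap API: the export layout, the user names, the "user" type label and the initial administrator's name are constructed, and it assumes the DATA_CENTER rule means one user may not hold DATA_CENTER together with ADMIN or PORTAL_VIEWER.

```python
# Added example: audit a user-to-role export against the built-in role rules.
# The export layout and all user names are constructed; this is not a SuperMap API.

INITIAL_ADMIN = "admin"  # assumed name of the administrator created at initialization

# user name -> (user type, roles held directly or through user groups)
SAMPLE_EXPORT = {
    "admin":   ("user",   {"SYSTEM", "ADMIN"}),
    "ops1":    ("user",   {"ADMIN", "DATA_CENTER"}),
    "gis_pub": ("user",   {"PUBLISHER"}),
    "guest7":  ("viewer", {"PORTAL_VIEWER", "PORTAL_USER"}),
    "svc_old": ("user",   {"SYSTEM"}),
    "reader":  ("viewer", {"PORTAL_VIEWER"}),
}

def audit(export, initial_admin=INITIAL_ADMIN):
    """Return sorted (user, finding) pairs for assignments that break the stated rules."""
    findings = []
    for user, (user_type, roles) in export.items():
        # SYSTEM belongs to the initial administrator only.
        if "SYSTEM" in roles and user != initial_admin:
            findings.append((user, "SYSTEM held by a user other than the initial administrator"))
        # Assumed reading: DATA_CENTER may not be combined with ADMIN or PORTAL_VIEWER.
        clash = roles & {"ADMIN", "PORTAL_VIEWER"}
        if "DATA_CENTER" in roles and clash:
            findings.append((user, "DATA_CENTER combined with " + ", ".join(sorted(clash))))
        # Viewer-type users may only be associated with PORTAL_VIEWER.
        extra = roles - {"PORTAL_VIEWER"}
        if user_type == "viewer" and extra:
            findings.append((user, "viewer-type user also holds " + ", ".join(sorted(extra))))
    return sorted(findings)

def admin_holders(export):
    """List every user with full-server ADMIN rights, for periodic review."""
    return sorted(u for u, (_, roles) in export.items() if "ADMIN" in roles)

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_EXPORT):
        print(f"{user}: {finding}")
    print("ADMIN holders:", admin_holders(SAMPLE_EXPORT))
```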
Manage roles
Operations on roles can be done in the roles tab of the security module after logging in to the service manager.
Add role
To add a new role to the stored role list:
- Click add role, and in the Add New Role dialog enter the following information:
  - Role name [required parameter], which is the unique identifier of the role and cannot be the same as any other role name
  - Role description: a brief description of the role
  - Role type, either "user" or "service administrator". The former can access the service instance; the latter can not only access the service instance but also manage it, such as publishing, editing, and deleting
- Select one or more users from the users to be selected list, and click Add to associate the users with the current role. If you have not yet registered or created an available user, you can associate the user after registering it
- Select one or more user groups from the user groups to be selected list, and click Add to associate the user groups with the current role. If no user group has been created, you can associate the user group after it is created
- Click OK to add the role
Delete role
Remove unwanted roles:
- Find the role to be deleted, check it, and click Delete
- Click Yes in the pop-up confirmation dialog box.
After the role is deleted, its association with users is removed. Note that built-in roles cannot be deleted.
Edit the role
Modify a role's attributes or associated users:
- Find the role to be modified and click the role name to enter the role information editing page, where you can modify the required information, such as the role description, but not the role name
- You can modify the type of the role, such as user or service administrator.
- To change the users associated with the current role, select one or more users in the users to be selected list or the selected users list and move them between the lists to add or remove their association with the role
- To change the user groups associated with the current role, select one or more user groups in the user groups to be selected list or the selected user groups list and move them between the lists to add or remove their association with the role
- You can view the service authorization information of the current role, including the services that the current role can access and the services that the current role is prohibited from accessing. Click Modify to modify the service authorization information of the current role (not applicable to SuperMap iPortal)
- If the type of the role is "service administrator", you can view the service management function authorization information of the current role, such as the management authority of each service. Click Modify to modify the management function authorization information of the current role (not applicable to SuperMap iPortal)
- After editing the information related to the role, click Save to make the changes effective