The security module of the SuperMap service manager
secures GIS services through role-based access control. The "roles"
page is used to view and manage all current roles in the GIS system; the
SuperMap GIS server stores all of these roles. On this page the administrator
can add, modify and delete roles, and click a role name to enter the role
editing page. There you can view the basic information, service authorization
information, and management function authorization information of the role
and modify roles.
Built-in roles
The SuperMap GIS server provides the following built-in
roles by default:
- ADMIN is the built-in system administrator role.
By default this role has management authority over the entire SuperMap
GIS server: it can log in to the service management server to configure
services, security, the system cluster, etc. It should be used carefully.
Users with the ADMIN role can add, edit, and delete other users
associated with the ADMIN role. The system administrator created when
the SuperMap GIS server is initialized has administrative permissions
for the entire GIS server, including adding, modifying, and deleting
users of the ADMIN role. The system administrator created during system
initialization cannot be edited or deleted. If you forget the password,
you can refer to the FAQ to reset the administrator.
- PUBLISHER is the built-in service publisher role
(this role is not applicable to SuperMap iPortal). By default it has
permissions for service publishing and service instance management,
such as publishing services, enabling/disabling service instances,
and adding, modifying, or deleting service providers, service components,
service interfaces, and so on.
- NO PASSWORD corresponds to third-party login
users, including QQ, Weibo, CAS accounts, etc., whose accounts are not
stored by the SuperMap GIS server. Their passwords cannot be changed
through the GIS server.
- UNAUTHORIZED is an unlicensed user role. It is used
together with NO PASSWORD, primarily for third-party login user groups.
- DATA_CENTER is a built-in SuperMap iPortal
data uploader role, with permissions to upload data and publish services.
This role cannot be associated with the
ADMIN and PORTAL_VIEWER roles.
- PORTAL_USER is a built-in SuperMap iPortal
normal user role, with and using permissions for the iPortal portal,
including using, creating, and sharing portal resources.
- PORTAL_VIEWER is a built-in SuperMap iPortal
viewer role with view permission of resources shared with iPortal,
such as viewing maps, services, scenes, applications, data resources,
etc. Users associated with the viewer role cannot create and manage
resources on their own, for example, they cannot register services,
create maps, create groups, upload data, and so on. Users with a user
type of viewer can only be associated with the PORTAL_VIEWER role.
In addition, the SuperMap GIS server has a built-in
SYSTEM role. This role is the system administrator created when the server
is initialized. It has management authority over the entire GIS server
and cannot be assigned to other users.
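The association rules stated in the role list above can be checked against an exported user list. The following is an added example, not SuperMap code: the input shape (user name mapped to `user_type` and `roles`), the user names and the `FIELD_EDITOR` custom role are constructed assumptions, and only the rules themselves come from this page.

```python
# Added audit sketch. The rules come from the built-in role descriptions on
# this page; the data layout below is an assumed export, not a SuperMap format.

def audit_assignments(users, initial_admin):
    """Return (user, finding) tuples for assignments that break the documented rules."""
    findings = []
    for name, info in sorted(users.items()):
        roles = set(info["roles"])
        # SYSTEM belongs only to the administrator created at initialization.
        if "SYSTEM" in roles and name != initial_admin:
            findings.append((name, "SYSTEM assigned to a non-initial user"))
        # DATA_CENTER cannot be associated with ADMIN or PORTAL_VIEWER.
        clash = roles & {"ADMIN", "PORTAL_VIEWER"}
        if "DATA_CENTER" in roles and clash:
            findings.append((name, "DATA_CENTER combined with " + ", ".join(sorted(clash))))
        # Users whose user type is viewer may hold only PORTAL_VIEWER.
        extra = roles - {"PORTAL_VIEWER"}
        if info.get("user_type") == "viewer" and extra:
            findings.append((name, "viewer user holds " + ", ".join(sorted(extra))))
        # ADMIN has authority over the entire server: list every holder for review.
        if "ADMIN" in roles:
            findings.append((name, "holds ADMIN; confirm this is required"))
    return findings

# Constructed sample data (hypothetical users and one hypothetical custom role).
SAMPLE_USERS = {
    "admin":      {"user_type": "user",   "roles": ["SYSTEM"]},
    "gis_ops":    {"user_type": "user",   "roles": ["ADMIN", "PUBLISHER"]},
    "loader":     {"user_type": "user",   "roles": ["DATA_CENTER", "PORTAL_VIEWER"]},
    "guest1":     {"user_type": "viewer", "roles": ["PORTAL_VIEWER", "PORTAL_USER"]},
    "mapper":     {"user_type": "user",   "roles": ["PORTAL_USER", "FIELD_EDITOR"]},
    "temp_admin": {"user_type": "user",   "roles": ["SYSTEM"]},
}

if __name__ == "__main__":
    for user, finding in audit_assignments(SAMPLE_USERS, initial_admin="admin"):
        print(f"{user}: {finding}")
```
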
Manage roles
Operations on roles can be done in the roles
tab of the security module after logging in to the service manager.
Add role
To add a new role to the stored role list:
- Click
add role and, in the Add New Role dialog, enter the following information:
- Role name [required parameter], which is the
unique identifier of the role and cannot be the same as other role
names
- Role description: brief description of the
role
- Role type, including "user" and "service
administrator". The former can access the service instance, and
the latter can not only access the service instance, but also manage
the service instance, such as publishing, editing, and deleting
- Select one or more users from the users
to be selected list, and click Add to associate the user with the
current role. If you have not registered or created an available user,
you can associate the user after registering the user
- Select one or more user groups from the
user groups to be selected list, and click Add to associate the user
group with the current role. If no user group has been created, you
can associate the user group after it is created
- Click OK
to add the role
Delete role
Remove unwanted roles:
- Find the role to be deleted, check it,
and click Delete
- Click Yes
in the pop-up confirmation dialog box.
After the role is deleted, its association
with users is released. Note that built-in
roles cannot be deleted.
Edit the role
Modify a role's attributes or associated users:
- Find the role to be modified and click
the role name to enter the role information editing page to modify
the required information, such as the role description, but not the role name
- You can modify the type of the role, such
as User or service administrator.
- If you need to change the users associated
with the current role, select one or more users and move them between
the users to be selected list and the selected users list to add or
delete the user's association with the role
- To change the user groups with which the
current role is associated, select one or more user groups and move
them between the user groups to be selected
list and the selected user groups
list to add or delete the user group's association with the role
- You can view the service authorization
information of the current role, including the services that the current
role can access and the services that the current role is prohibited
from accessing. Click Modify
to modify the service authorization
information of the current role (not applicable to SuperMap iPortal)
- If the type of the role is "service
administrator", you can view the service management function
authorization information of the current role, such as the management
authority of each service. Click Modify
to modify the management function
authorization information of the current role (not applicable
to SuperMap iPortal)
- After editing the information related to
the role, click Save to make
the changes effective