Managing roles

The Security Module of SuperMap service manager protects GIS service by role-based access control. All the roles in current GIS system can be viewed and managed on Role page under Security. SuperMap GIS server stores all built-inroles.The administrator can add, modify and delete roles on this page, and modify the role by clicking the role name.

• Built-in roles
• Managing roles
  • Add a role
  • Delete a role or roles
  • Edit a role

Built-in roles

SuperMap GIS server provides built-in roles by default:

• ADMIN, the built-in system administrator. This role has GIS server's overall administration privileges by default. After logging in service manager, the user who is assighed this role can configure modules like, service, security and system cluster, etc., so this role need to be used carefully. The users associated with ADMIN role can add, edit and delete other users associated with ADMIN role; The system administrator account created when initializing SuperMap iServer has administration privileges to the GIS server, including ADMIN associated users' adding, modification and deletion; And the system administrator account created when initializing the system can't be edited or deleted. If you forgot the password of the system administrator, please refer to FAQ reset administrator account.
• PUBLISHER, the built-in service publisher. This role has the default rights to publish and manage the service instances, such as publishing services, enable / disable the service instance, and adding, modifying or deleting the service provider, service components and service interfaces.
• NOPASSWORD: The roles corresponding to the third party login, including QQ, weibo, CAS and so on. These users can not change the password throuh GIS server.
• DATA_CENTER: the built-in uploading data role for SuperMap iPortal which has authority to upload data and publish services. Users who is assigned DATA_CENTER and PORTAL_USER can log in to iPortal to upload data. DATA_CENTER can not be associated with ADMIN and PORTAL_VIEWER role.
• PORTAL_USE: the built-in iPortal ordinary user role which has the authority to use iPortal, including using, creating, and sharing portal resources.
• PORTAL_VIEWER: the built-in observer role for SuperMap iPortal which has the authority to view the resources shared by others, such as: vewing maps, services, scenes, applications, data resources, and so on. Users who are assigned this role cannot create and manage resources, such as: registering services, creating maps, creating groups, uploading data, etc. The iPortal license dosn't restrict on the number of users who are assigned this role. More information about roles and permissions in SuperMap iPortal, please see: Roles and permissions.

Managing roles

Log in to service manager, enter in to Security>Roles to manage roles.

Add a role

Add a new role into the stored role list:

1. Click on Add Role , enter the following information in the Adding New Role dialog box:

• Role Name [Required Parameter], is the role's unique identification. The role name can not be repeated.
• Role Description: a brief description of the role
• Role Type, including "User" and "Service administrator". The former can access the service instance. In addition to access the service instance, the latter can also manage the service instances, such as publishing, editing and deleting, etc.

2. Select one or more users in the Select from list, click the Add button to associate the user with current role. If there is no registered or newly available user, then associate them after user registration.
3. Select one or more groups in the Selected user group list.Click the Add button to make this user group associated with the current role. If there isn't available user group, you can associate it after creating the user group.
4. Click OK  to add this role

Delete a role or roles

Delete unwanted roles:

1. Find the roles to be deleted, check, click the Delete.
2. In the confirmation dialog box, click Yes.

After the role is deleted, the corresponding relationship between the user and the role is released.

Note: The built-in roles can't be deleted.

Edit a role

Modify role attributes or the associated users:

1. Find the roles to be modified, enter the roles information editing page after clicking the role name, then you can modify the information you want, but the role name can not be modified.
2. The role type can be modified, such as "User" or "Service administrator"
3. The  Select list shows the users who have this role, you can assign this role for users by adding users from Select from list, or release the role for users by removing them from Selected list.
4. Selected user group list shows the the groups who have this role, you can assign this role for one or more more groups by adding the groups you wanted from the User group to be selected list, and you also can release this role for groups by removing them from the Selected user group list.
5. The service authorization information of current role can be viewed, including authorized and prohibited services. The Service access authorization information of current role can be modified by clicking Modify.
6. If the role type is "Service administrator", then the service management function authorization information of current role can be viewed, such as the management rights of every service. The Management function authorization information of current role can be modified by clicking Modify.
7. click Save to make the changes take effect.