Roles management |
The "Roles Management" page allows you to view and manage all roles in SuperMap iPortal. SuperMap iPortal provides ADMIN, PORTAL_USER, PORTAL_VIEWER, and other built-in roles by default, which are used to meet basic portal construction requirements. At the same time, iPortal supports adding various custom roles, and you can grant them different permissions respectively to achieve fine-grained permission control.
Log in to the portal homepage as a portal administrator, and click Management > Security > Roles Management to enter the role management page:
Steps to add a new custom role:
After creating a new role, you can associate it with a specific user on the "User Management" page, and the user associated with this role will have the corresponding portal permissions.
If you want to manage portal resources and users according to the organizational structure, please refer to Configuration and Use of Organizational Structure.
Steps to delete unwanted roles:
After the role is deleted, the corresponding relationship with the user is released.
Note: iPortal built-in roles cannot be deleted.
Steps to modify a role's description or reassign permissions to a role:
Note: Permissions of iPortal built-in roles cannot be edited.。
Tabel 1 Normal permissions for iPortal built-in roles
| Module | Permissions | iPortal built-in roles | |||
|
ADMIN |
PORTAL_USER |
PORTAL_VIEWER |
DATA_CENTER |
||
|
Resource |
Register, update, delete services |
√ |
√ |
|
√ |
|
View all allowed services |
√ |
√ |
√ |
√ |
|
|
Create, update, delete maps |
√ |
√ |
|
√ |
|
|
View all allowed maps |
√ |
√ |
√ |
√ |
|
|
View all allowed scenes |
√ |
√ |
√ |
√ |
|
|
Create, update, delete scenes |
√ |
√ |
|
√ |
|
|
Upload, update, delete data |
√ |
|
|
√ |
|
|
Publish services |
√ |
|
|
√ |
|
|
View/Download all allowed data |
√ |
√ |
√ |
√ |
|
|
Create, update, delete projects |
√ |
√ |
|
√ |
|
|
View all allowed projects |
√ |
√ |
√ |
√ |
|
|
Create, update, delete datainsights |
√ |
√ |
|
√ |
|
|
View all allowed datainsights |
√ |
√ |
√ |
√ |
|
|
Create, udpate, delete mapdashboards |
√ |
√ |
|
√ |
|
| View all allowed mapdashboards |
√ |
√ |
√ |
√ |
|
| Apply for access to resources |
√ |
√ |
√ |
√ |
|
| Create, update, delete Notebooks |
√ |
√ |
√ |
||
| View all allowed Notebooks |
√ |
√ |
√ |
√ |
|
|
Group |
Create, update, delete groups |
√ |
√ |
|
√ |
|
Join groups |
√ |
√ |
√ |
√ |
|
|
View public groups |
√ |
√ |
√ |
√ |
|
|
Share |
Share maps |
√ |
√ |
|
√ |
|
Share services |
√ |
√ |
|
√ |
|
|
Share scenes |
√ |
√ |
|
√ |
|
|
Share data |
√ |
|
|
√ |
|
|
Share projects |
√ |
√ |
|
√ |
|
|
Share datainsights |
√ |
√ |
|
√ |
|
|
Share mapdashboards |
√ |
√ |
√ |
||
|
Share Notebooks |
√ |
√ |
√ |
||
|
My account |
Receive all resource access applications |
√ |
|||
|
Create keys |
√ |
√ |
√ |
√ |
|
|
Add credentials |
√ |
√ |
√ |
√ |
|
Note:
Only when the reviewer of resource authorization in the iPortal.xml configuration file is set to "ADMIN_AND_OWNER", the administrator can assign the "My Account" > "Receive all resource access applications" permission to a role in the general permissions.
Table 2 Management permissions for iPortal built-in roles
| Module | Permissions | iPortal built-in roles | |||
|
ADMIN |
PORTAL_USER |
PORTAL_VIEWER |
DATA_CENTER |
||
|
Resource management |
Update, delete maps |
√ |
|
|
|
|
View all maps |
√ |
|
|
|
|
|
Share maps |
√ |
|
|
|
|
|
Map review |
√ |
|
|
|
|
|
Update, delete services |
√ |
|
|
|
|
|
View all services |
√ |
|
|
|
|
|
Add services in batch |
√ |
|
|
|
|
|
Share services |
√ |
|
|
|
|
|
Service review |
√ |
|
|
|
|
|
Update,delete scenes |
√ |
|
|
|
|
|
View all scenes |
√ |
|
|
|
|
|
Share scenes |
√ |
|
|
|
|
|
Update, delete data |
√ |
|
|
|
|
| View all data |
√ |
||||
| Share data |
√ |
||||
| Register, update, delete projects |
√ |
||||
| View all projects |
√ |
||||
| Share projects |
√ |
||||
| Update, delete mapdashboards |
√ |
||||
| View all mapdashbaords |
√ |
||||
| Share mapdashboards |
√ |
||||
| Update, delete sataInsights |
√ |
||||
| View all dataInsights |
√ |
||||
| Share dataInsights |
√ |
||||
| Update, delete Notebooks |
√ |
||||
| View all Notebooks |
√ |
||||
| Share Notebooks |
√ |
||||
|
Site Config |
Site Customization |
√ |
|
|
|
|
Supporting Service |
√ |
|
|
|
|
| Basemap Configuration |
√ |
||||
|
Apps Permissions |
√ |
|
|
|
|
| DataViz |
√ |
||||
|
DataInsights |
√ |
|
|
|
|
|
MapStudio |
√ |
|
|
|
|
| Service Preview |
√ |
||||
|
Default thumbnail |
√ |
|
|
|
|
|
Directory management |
√ |
|
|
|
|
|
Register management |
√ |
|
|
|
|
|
Email notifier |
√ |
|
|
|
|
| Metadata Customization |
√ |
||||
|
Portal statistics |
Portal statistics |
√ |
|||
|
Server management |
Add, edit, delete servers |
√ |
|||
|
View all servers |
√ |
||||
|
Hosted data configuration |
√ |
||||
|
View hosted servers |
√ |
||||
|
Monitoring configuration |
√ |
||||
|
Use monitoring |
√ |
||||
|
View realtime monitoring |
√ |
||||
|
Alarm rules |
√ |
||||
|
View exception |
√ |
||||
|
Logs |
System logs |
√ |
|||
|
Operation logs |
√ |
||||
|
Log configuration |
√ |
||||
|
Security |
GIS service security |
√ |
|||
|
Security info storage |
√ |
||||
|
Session info management |
√ |
||||
|
User password security setting |
√ |
||||
|
enable, disable group |
√ |
||||
|
Update, delete group |
√ |
||||
|
View all groups |
√ |
||||
|
Departments |
√ |
||||
|
Update user data capacity |
√ |
||||
|
User review |
√ |
||||
|
Add User |
√ |
||||
|
Update user |
√ |
||||
|
Delete user |
√ |
||||
|
View all users |
√ |
||||
|
User group management |
√ |
|
|
|
|
|
Add, update, delete role |
√ |
|
|
|
|
|
View all roles |
√ |
|
|
|
|
|
CAS Configuration |
√ |
|
|
|
|
|
Keycloak Configuration |
√ |
|
|
|
|
|
LDAP Configuration |
√ |
|
|
|
|
|
Third-party Configuration |
√ |
||||
|
Delete Keys |
√ |
|
|
|
|
|
Check and delete key quota applications |
√ |
|
|
|
|
|
Update the WebApps achievement limits |
√ |
||||
|
Update the quantity limit of published services |
√ |
||||
|
Task |
Resources Recovery Regularly |
√ |
|
|
|
Note:
Only portal administrators can add roles and create users. Other administrators cannot do this even if they have been granted the corresponding permissions.