Access control list
An access control list (ACL) provides a lightweight and flexible implementation for privilege management.
In general, an application may use such ACLs to control access to certain protected objects by other requesting objects.
For the purposes of this documentation:
- a resource is an object to which access is controlled.
- a role is an object that may request access to a resource.
Put simply, roles request access to resources. For example, if a parking attendant requests access to a car,
then the parking attendant is the requesting role, and the car is the resource, since access to the car may not be granted to everyone.
Roles can inherit other roles. For example, if a manager extends the parking attendant and the accountant, the manager can access everything that the accountant and the parking attendant can.
To see an example of managing roles and rules, check Access control list.
To add a new rule, click the Add button at the bottom of the rules data table. This adds a new row to the beginning of the data table.
To edit a rule, double-click a cell of the data table to modify its contents.
Rules data table fields description:
Role. Name of the role that requests access to a resource
Resource. Name of the resource
Privilege. Name of the privilege
Group. Name of the group. Identifies where in the system this rule will be used.
To delete a rule, click on its id field. This enables the delete button; click it to delete the rule.
To add a new role, click the Add button at the bottom of the roles data table,
enter your role name and click the Add button.
This adds a new role to the end of the data table.
You can edit the roles that will be inherited by double-clicking the Extends cell of the data table.
Roles data table fields description:
Key. Name of the role
Extends. Roles that will be inherited
To delete a role, click on its key field. This enables the delete button; click it to delete the role.
There are a few default roles added upon installation:
- admin_users. Users that extend this role have access to the Users administration section and can manage users.
- admin_news. Users that extend this role have access to the News administration section and can manage news.
- admin_data. Users that extend this role can create their own tables and layers.
- admin_data_share. Users that extend this role can share their layers with other users.
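
How the Extends column and the rules table combine into an access decision, as an added example (not the product's own code). It assumes access is denied unless a rule matches and that the Group field must match exactly; the role names follow the parking example above, and the resource, privilege and group values are constructed.

```python
# Added example: rule and role data below are constructed, not the product's data.
from collections import namedtuple

# One row of the rules data table: Role, Resource, Privilege, Group.
Rule = namedtuple("Rule", "role resource privilege group")

# Roles data table: Key -> Extends (roles inherited by that key).
ROLES = {
    "parking_attendant": [],
    "accountant": [],
    "manager": ["parking_attendant", "accountant"],
    "director": ["manager"],          # inherits transitively through manager
    "loop_a": ["loop_b"],             # misconfigured cycle, must not hang the check
    "loop_b": ["loop_a"],
}

RULES = [
    Rule("parking_attendant", "car", "drive", "parking"),
    Rule("accountant", "ledger", "edit", "finance"),
]


def effective_roles(role, roles=ROLES):
    """Return the role plus every role it inherits, directly or transitively."""
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        if current in seen or current not in roles:
            continue  # already visited (cycle) or unknown role: skip it
        seen.add(current)
        stack.extend(roles[current])
    return seen


def is_allowed(role, resource, privilege, group, rules=RULES, roles=ROLES):
    """Assumed default deny: a rule must match all four fields for an effective role."""
    granted = effective_roles(role, roles)
    return any(
        r.role in granted
        and (r.resource, r.privilege, r.group) == (resource, privilege, group)
        for r in rules
    )
```

When reviewing a roles table, listing `effective_roles` for each key shows what a single Extends entry really grants, which is easy to miss once inheritance is more than one level deep.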