From WeoGeo Support
Contents |
Set-up access controls on WeoGeo Library
Getting Started >> Set-up access controls on WeoGeo Library
Have you turned on your Library's Access Controls? By default, this is not enabled. And thus, all users have access to all datasets.
So assuming you need more control of how your users access your Library's data, this walk through will demonstrate how to invite a user and how to set up some basic access controls.
Access controls on WeoGeo Library utilize Data Groups and User Roles. A particular dataset can belong to multiple Data Groups. And likewise, users can belong to multiple User Roles. The User Roles and Data Groups are linked together to create the access rules. And these connections are not limited to a one to one relationship, and thus, allow the Admin full flexibility in managing his Library.
Remember these basic rules about access controls:
- By default, access controls are not turned on in a new library.
- By default, datasets do not have any groups assigned, unless the groups are explicitly set during upload or later on.
- By default, datasets that do not belong to any groups are viewable by anyone.
- By default, users do not have any roles assigned.
- Access controls are set-up by assigning datasets to groups, users to roles and creating linkages between groups and roles.
- The most permissive access controls apply to a user belonging to multiple roles.
We will outline one way in which the access policy can be developed below, but as you will find as you explore your WeoGeo Library, there are multiple ways in which this can be accomplished.
Login
First, we need to navigate in our browser to our Library.
Once we log in and click the "Admin" button, we are directed to the first page of our Admin Console.
Click the "Users" button to go to the user management section.
Invite a User
The user management console is shown below.
To invite a new user, we click the "Invite Users" button.
The way WeoGeo allows you to invite users to your library is via email. So we enter the email of the user we want to invite. And then we click the "Send Invites" button.
This brings us back to the main user management section. As we see, the user we just invited has a status reflecting their pending status. To see what the user is now witnessing, click here.
Great! The user we invited decided to join the Library. We now see in the user management section her status has been updated to reflect her acceptance and registration.
Create a Data Group
Note that when this user logs in, she can access all the datasets that do not belong to any groups.
Now, we want our uploaded dataset to be viewable only by our user and we have failed to assign it to any groups during out upload. Let's set up access controls for this situation. Since this is a new library, there are no groups or roles.
First, we will go to the data management section by clicking the "Listings" button to access the data management section.
As you see from above, we have highlighted the one data set we had uploaded already. We can edit this data set by clicking the orange hyperlinks in the side panels. We want to connect this data set to a Data Group, so we click the hyperlink next to the Groups label on the left panel.
So far, there are no groups. So we will add a new group called "NASA2." By typing the name of the new group and hitting the "Add Group" button, we save this new group. Note: this group will be available from here on out. All current and future data sets will have the possibility of being connected to this group.
So now we can see that this particular dataset belongs to the "NASA2" group.
And after we click the "Save Change" button, we are directed to the main data management section, and when we highlighting our sole dataset, we see the number of Groups has increased from 0 to 1 reflecting our change.
Create a User Role and Linking Roles and Groups
Now that we have our Data Group, we want to make a new User Role and connect it to this new Data Group. Click the "Access" button to move to the access management section.
By default, the access management section shows Data Groups. We could have created the new Group, "NASA2", via this interface also. But since we are interested in making a new User Role, we switch the interface to "Roles" by selecting "Roles" via the interface control on the left side.
We have decided to make a new role called "UserJane". When creating this role, you can choose to make all datasets viewable to this role. However, in this case, since we are interested in restricting the access to the role, we will not do that.
We hit the "Create Role" button to complete the Role creation.
Now we want all users that are associated with this role to have access to the "NASA2" Data group we previously made. To do this we highlight this role and we click, the "Link to Groups" button on the right side.
Once we select the Group(s) we want this role to be connected with, we hit the "Update" button to confirm our selection.
Finally, we need to assign the user to this role. Click the "User" Button. We then click the new user we invited. Once highlighted, we click the "Roles" button on the right side and assign her to the "UserJane" role.
Once committed, she now will have access to the data set we uploaded earlier and any future data sets we assign to the "NASA2" group.
Now that this is done, can a different user (i.e not janedoe007) view this dataset? Let's find out. Below, you will notice that the library user with "zyxw" username cannot view the NASA OcnClr dataset. Success!
It needs to be noted that in this walk through we were starting with a empty WeoGeo Library. With time you will develop a stable set of Data Groups and User Roles. Once these are established, maintaining an data access policy will be a breeze.
Illustrating Access Controls
