The "Roles Management" page allows you to view and manage all roles in SuperMap iPortal. SuperMap iPortal provides ADMIN, PORTAL_USER, PORTAL_VIEWER, and other built-in roles by default, which are used to meet basic portal construction requirements. At the same time, iPortal supports adding various custom roles, and you can grant them different permissions respectively to achieve fine-grained permission control.
Log in to the portal homepage as a portal administrator, and click Management > Users > Roles Management to enter the role management page:
Add a role
Steps to add a new custom role:
- Click "Add role", and in the Add New Role dialog box, enter the following information:
- Role name [required parameter], which is the unique identifier of the role and cannot be repeated with other role names
- Role description: a brief description of the role
- Assign permissions to the role. In the permission list, check the permissions to be granted to the newly created role. The iPortal permissions can be divided into normal permissions, management permissions and menu permissions, as shown in the attached table at the end of this page.
- Click the "Add" button to complete the role addition
After creating a new role, you can associate it with a specific user on the "User Management" page, and the user associated with this role will have the corresponding portal permissions.
If you want to manage portal resources and users according to the organizational structure, please refer to Configuration and Use of Organizational Structure.
Delete a role
Steps to delete unwanted roles:
- Find the role you want to delete, check it, and click "Delete role"
- Click "Yes" in the confirmation dialog that pops up
After the role is deleted, the corresponding relationship with the user is released.
Note: iPortal built-in roles cannot be deleted.
Edit a role
Steps to modify a role's description or reassign permissions to a role:
- Find the role that needs to be modified, click the role name to enter the role information editing page, you can modify the required information, such as the description of the role, but you cannot modify the role name.
- If you need to change the permissions of the current role, re-check the permissions assigned to the role in the permission list.
- After editing the role-related information, click "Save" to make the changes take effect.
Note: Permissions of iPortal built-in roles cannot be edited.。
Tabel 1 Normal permissions for iPortal built-in roles
|
Module |
Permissions |
iPortal built-in roles |
|||
|
ADMIN |
PORTAL_USER |
PORTAL_VIEWER |
DATA_CENTER |
||
|
Resource |
Register, update, delete services |
√ |
√ |
|
√ |
|
View all allowed services |
√ |
√ |
√ |
√ |
|
|
Create, update, delete maps |
√ |
√ |
|
√ |
|
|
View all allowed maps |
√ |
√ |
√ |
√ |
|
|
Add maps |
√ | √ | √ | ||
|
View all allowed scenes |
√ |
√ |
√ |
√ |
|
|
Create, update, delete scenes |
√ |
√ |
|
√ |
|
|
Batch add scenes |
√ | √ | √ | ||
|
Upload, update, delete data |
√ |
|
|
√ |
|
|
Publish services |
√ |
|
|
√ |
|
|
View/Download all allowed data |
√ |
√ |
√ |
√ |
|
|
Create, update, delete projects |
√ |
√ |
|
√ |
|
|
View all allowed projects |
√ |
√ |
√ |
√ |
|
|
Create, update, delete datainsights |
√ |
√ |
|
√ |
|
|
View all allowed datainsights |
√ |
√ |
√ |
√ |
|
|
Create, udpate, delete mapdashboards |
√ |
√ |
|
√ |
|
|
View all allowed mapdashboards |
√ |
√ |
√ |
√ |
|
|
Apply for access to resources |
√ |
√ |
√ |
√ |
|
|
Create, update, delete Notebooks |
√ |
√ |
√ |
||
|
View all allowed Notebooks |
√ |
√ |
√ |
√ |
|
|
Create, udpate, delete GPA models |
√ |
√ |
|
√ |
|
|
Download/execute all allowed GPA models |
√ |
√ |
√ |
√ |
|
|
Create, udpate, delete 3D designs |
√ |
√ |
|
√ |
|
|
View all allowed 3D designs |
√ |
√ |
√ |
√ |
|
|
Group |
Create, update, delete groups |
√ |
√ |
|
√ |
|
Join groups |
√ |
√ |
√ |
√ |
|
|
View public groups |
√ |
√ |
√ |
√ |
|
|
Share |
Share maps |
√ |
√ |
|
√ |
|
Share services |
√ |
√ |
|
√ |
|
|
Share scenes |
√ |
√ |
|
√ |
|
|
Share data |
√ |
|
|
√ |
|
|
Share projects |
√ |
√ |
|
√ |
|
|
Share datainsights |
√ |
√ |
|
√ |
|
|
Share mapdashboards |
√ |
√ |
√ |
||
|
Share Notebooks |
√ |
√ |
√ |
||
|
Share GPA models |
√ | √ | √ | ||
|
Share 3D designs |
√ | √ | √ | ||
|
My account |
Receive all resource access applications |
√ |
|||
|
Create keys |
√ |
√ |
√ |
√ |
|
|
Add credentials |
√ |
√ |
|
√ |
|
Note:
Only when the reviewer of resource authorization in the iPortal.xml configuration file is set to "ADMIN_AND_OWNER", the administrator can assign the "My Account" > "Receive all resource access applications" permission to a role in the general permissions.
Table 2 Management permissions for iPortal built-in roles
|
Module |
Permissions |
iPortal built-in roles |
|||
|
ADMIN |
PORTAL_USER |
PORTAL_VIEWER |
DATA_CENTER |
||
|
Resource management |
Update, delete maps |
√ |
|
|
|
|
View all maps |
√ |
|
|
|
|
|
Add maps in batch |
√ |
||||
|
Share maps |
√ |
|
|
|
|
|
Map review |
√ |
|
|
|
|
|
Update, delete services |
√ |
|
|
|
|
|
View all services |
√ |
|
|
|
|
|
Add services in batch |
√ |
|
|
|
|
|
Share services |
√ |
|
|
|
|
|
Service review |
√ |
|
|
|
|
|
Update,delete scenes |
√ |
|
|
|
|
|
View all scenes |
√ |
|
|
|
|
|
Add scenes in batch |
√ | ||||
|
Share scenes |
√ |
|
|
|
|
|
Scene review |
√ |
||||
|
Update, delete data |
√ |
|
|
|
|
|
View, download all data |
√ |
||||
|
Share data |
√ |
||||
|
Data review |
√ |
||||
|
Register, update, delete projects |
√ |
||||
|
View all projects |
√ |
||||
|
Share projects |
√ |
||||
|
Project review |
√ |
||||
|
Update, delete mapdashboards |
√ |
||||
|
View all mapdashbaords |
√ |
||||
|
Share mapdashboards |
√ |
||||
|
Mapdashboard review |
√ |
||||
|
Update, delete sataInsights |
√ |
||||
|
View all dataInsights |
√ |
||||
|
Share dataInsights |
√ |
||||
|
DataInsight review |
√ |
||||
|
Update, delete Notebooks |
√ |
||||
|
View all Notebooks |
√ |
||||
|
Share Notebooks |
√ |
||||
|
Update, delete GPA models |
√ |
||||
|
Download, execute all GPA models |
√ |
||||
|
Share GPA models |
√ |
||||
|
Update, delete design 3D |
√ |
||||
|
View all design 3D |
√ |
||||
|
Share design 3D |
√ |
||||
|
Groups |
enable, disable group |
√ |
|||
|
Update, delete group |
√ |
||||
|
View all groups |
√ |
||||
|
News |
News |
√ | |||
|
Users |
Departments |
√ |
|||
|
Update user data capacity |
√ |
||||
|
User review |
√ |
||||
|
Add User |
√ |
||||
|
Update user |
√ |
||||
|
Delete user |
√ |
||||
|
View all users |
√ |
||||
|
User group management |
√ |
||||
|
Add, update, delete role |
√ |
||||
|
View all roles |
√ |
||||
|
Portal statistics |
Portal statistics |
√ |
|||
|
Servers |
Add, edit, delete servers |
√ |
|||
|
View all servers |
√ |
||||
|
View hosted servers |
√ |
||||
|
Monitoring configuration |
√ |
||||
|
Use monitoring |
√ |
||||
|
View realtime monitoring |
√ |
||||
|
Alarm rules |
√ |
||||
|
View exception |
√ |
||||
|
Site Configuration |
Site Customization |
√ |
|||
|
Data storage |
√ | ||||
|
Register Management |
√ | ||||
|
Email Notifier |
√ | ||||
|
Resource Center Management |
Service Preview |
√ |
|||
|
Default thumbnail |
√ |
||||
|
Directory management |
√ |
||||
|
Metadata Customization |
√ |
||||
|
App Center Management |
Supporting Service |
√ |
|
|
|
|
Basemap Configuration |
√ |
||||
|
Apps Permissions |
√ |
|
|
|
|
|
DataViz |
√ |
||||
|
DataInsights |
√ |
|
|
|
|
|
MapStudio |
√ |
|
|
|
|
|
Security |
Token Configuration |
√ | |||
|
Security info storage |
√ |
||||
|
Session info management |
√ |
||||
|
User password security setting |
√ |
||||
|
CAS Configuration |
√ |
|
|
|
|
|
Keycloak Configuration |
√ |
|
|
|
|
|
LDAP Configuration |
√ |
|
|
|
|
|
Third-party Configuration |
√ |
||||
|
Delete Keys |
√ |
|
|
|
|
|
Check and delete key quota applications |
√ |
|
|
|
|
|
Logs |
System logs |
√ |
|||
|
Operation logs |
√ |
||||
|
Log configuration |
√ |
||||
|
Feedback |
Feedback |
√ | |||
|
Scheduled Task |
Scheduled Task |
√ |
|
|
|
Note:
Only portal administrators can add roles and create users. Other administrators cannot do this even if they have been granted the corresponding permissions.
Configure the display/hide of the navigation columns in the portal:
- For full-site users, click Management > Site Configuration > Site Customization , select Navigation Settings For individual users, click Management > Site Configuration > Site Customization, select Navigation Settings, and then enter the Navigation Settings page, check the box to show the navigation columns, and uncheck the box to hide the navigation columns
- For individual users, click Administration > Users > Role Management, click Add Role, and in the menu permission list, check the box to grant permissions to the new role. In the permission list of the menu, check the permission you want to grant to the new role, check the box to show the navigation column, uncheck the box to hide the navigation column
Note:
The priority of show/hide navigation columns in navigation settings is higher than that of show/hide navigation columns in role management.
Table 3 Menu permissions for iPortal built-in roles
|
Module |
Permissions |
iPortal built-in roles |
|||
|
ADMIN |
PORTAL_USER |
PORTAL_VIEWER |
DATA_CENTER |
||
|
Homepage |
Homepage |
√ |
√ |
√ |
√ |
|
Resource Center |
Map |
√ |
√ |
√ |
√ |
|
Service |
√ |
√ | √ | √ | |
|
Scene |
√ |
√ |
√ |
√ |
|
|
Data |
√ |
√ |
√ |
√ |
|
|
Insight |
√ |
√ |
√ |
√ |
|
|
MapDashboard |
√ |
√ |
√ |
√ |
|
|
Project |
√ |
√ |
√ |
√ |
|
|
GPA Model |
√ |
√ |
√ |
√ |
|
|
Notebook |
√ |
√ |
√ |
√ |
|
|
Design 3D |
√ |
√ |
√ |
√ |
|
|
App Center |
App Center |
√ |
√ |
√ |
√ |
|
News Center |
News Center |
√ |
√ |
√ |
√ |
|
Groups |
Groups |
√ |
√ | √ | √ |