...
Permissions can be added to control which user groups (and therefore which users) can see displays and nodes in the GUI:
- Explorer.xml, <permission>: explorer tasks (displays), such as the Time Series Dialog or the Grid Display. Tasks will not be visible in the menus or toolbar.
- Topology.xml, <viewPermission>: tasks (nodes) in the Forecast Tree
- GridDisplay.xml, <viewPermission>: displays (nodes) in the Spatial Display
- Filters.xml, <viewPermission>: filters (nodes) in the Data Viewer
- DisplayGroups.xml, <viewPermission>: shortcuts (listed under the Star icon) in the Time Series Display
- webOperatorClient.xml, <viewPermission>: components (displays) in the WebOC
...
You need to configure at least 3 files to set-up permissions:
- Define <userGroup> 's (1 or multiple) in SystemConfigFiles/UserGroups.xml and assign them <user> id'sIDs.
- userGroups can be nested
- Alternatively, you can assign users to userGroups in the Admin Interface: Users#EditUser
- Define <permission> 's (1 or multiple) in SystemConfigFiles/Permissions.xml and assign them <userGroup> id's1 or multiple <userGroup> IDs.
- Include permission configuration in any or all of the above listed configuration files, using the <permission> IDs.
Info | ||
---|---|---|
| ||
Note: to disable permissions in a Stand Alone (e.g. the WaterCoach), simply remove/rename Permissions.xml and UserGroups.xml. |
...
Unique name of the permission
...
userGroup
Id of each usergroup userGroup that is granted the given permission
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<permissions xmlns=".....">
<permission id="AllowDataEditor">
<userGroup id="Hydroloog"/>
<userGroup id="Veldmedewerker"/>
</permission>
<permission id="AllowManualForecast">
<userGroup id="Hydroloog"/>
</permission>
<permission id="AllowLabelEditor">
<userGroup id="Hydroloog"/>
</permission>
<permission id="AllowCommentEditor">
<userGroup id="Hydroloog"/>
<userGroup id="Veldmedewerker"/>
</permission>
<permission id="AllowValueEditor">
<userGroup id="Hydroloog"/>
</permission>
</permissions>
|
With the enabled attribute you can make a permission only available for certain globalProperties.xml/clientConfig.xml (OC/Webservice)
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<permissions xmlns=".....">
<permission id="FEWS_SA" enabled="$PROP_SA$">
<userGroup id="OC_DataEditor"/>
<userGroup id="OC_Forecaster"/>
<userGroup id="OC_SuperUser"/>
<userGroup id="OC_Configurator"/>
</permission
<permissions xmlns=".....">
|
userGroups.xml
When available on the file system, the name of the XML file is Usergroups.xml.
Figure 4 Elements in the Usergroups configuration
userGroup
Base tag for a userGroup configure one for each user group. A userGroup can contain three types of sub-items:
...