You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 35 Next »

What

Permissions.xml

Config group

SystemConfigFiles

Required

no

Description

Set permissions for user groups

schema location

https://fewsdocs.deltares.nl/schemas/version1.0/permissions.xsd

What

UserGroups.xml

Config group

SystemConfigFiles

Required

no

Description

Define user groups

schema location

https://fewsdocs.deltares.nl/schemas/version1.0/userGroups.xsd

General

Permissions can be added to the FEWS configuration to allow users (user groups) to access Explorer tasks, Data Editor functions, Filters, etc..  Permissions can be optionally configured in the following configuration files:

  • Explorer.xml
    • Restrict access to explorer tasks such as the Time Series Dialog or the Grid Display. The tasks will not be available in the menus or toolbar for users which do not have the right permissions
  • TimeSeriesDisplayConfig.xml
    • Control who can add and edit values in the data editor window
    • Control who can add and edit labels in the data editor window
    • Control who can add and edit comments in the data editor window
  • ScenarioEditor.xml
    • Control who can create, edit, delete, persist and run scenarios in the scenario editor window
  • GridDisplay.xml
    • Control which displays are visible in the spatial plot window for the current user
  • Filters.xml
    • Control which filters are visible in the FEWS explorer for the current user
  • DisplayGroups.xml
    • Control which shortcuts are visible in the Time Series Display for the current user
  • WorkflowDescriptors.xml
    • Control which users can view, run and approve workflows in the Forecast Dialog and Manual Forecast Dialog.
    • Also control which users can delete forecasts and change expiry times of forecasts in the Forecast Dialog.
    • NOTE: Using permissions on workflows indirectly influences the behaviour of the scenario editor window. Scenario's, based on hidden or non-runnable workflows are not shown in the scenario editor.

Permissions are to be configured as follows

  • Configure optional permission names in any of the above described configuration files.
  • Create the permissions in the permissions configuration file (Permissions 1.00 default.xml) and configure usergroup names which should have access to the permissions.
  • Create the usergroups in in the usergroup configuration file (Usergroups 1.00 default.xml) and assign them user names.

Disable permissions (Stand Alone)

Note: if you want to disable permissions in a Stand Alone version (for example in a WaterCoach application), you can simply remove or rename the Permissions.xml and UserGroups.xml files. This will result in warnings where you have configured viewPermissions, however Delft-FEWS will lift all restrictions to viewing if these files are missing. This work-around only works in a Stand Alone application. In the live system you can not (and should not want to) remove these files locally, since they are stored and managed in the Central Database.


Configure optional permission names

This can be achieved by adding the optional permission tag to the configuration and give it a self-describing name.

Create the permissions configuration file

When available on the file system, the name of the XML file is Permissions.xml


Figure 3 Elements in the Permissions configuration

Permissions 1.00 default.xml
<?xml version="1.0" encoding="UTF-8"?>
<permissions xmlns=".....">
	<permission id="AllowDataEditor">
		<userGroup id="Hydroloog"/>
		<userGroup id="Veldmedewerker"/>
	</permission>
	<permission id="AllowManualForecast">
		<userGroup id="Hydroloog"/>
	</permission>
	<permission id="AllowLabelEditor">
		<userGroup id="Hydroloog"/>
	</permission>
	<permission id="AllowCommentEditor">
		<userGroup id="Hydroloog"/>
		<userGroup id="Veldmedewerker"/>
	</permission>
	<permission id="AllowValueEditor">
		<userGroup id="Hydroloog"/>
	</permission>
</permissions>
Permission

Unique name of the permission

Usergroup

Id of each usergroup that is granted the given permission

create the user groups

When available on the file system, the name of the XML file is Usergroups.xml.  


Figure 4 Elements in the Usergroups configuration

UserGroups 1.00 default.xml
<?xml version="1.0" encoding="UTF-8"?>
<userGroups xmlns="....">
  <userGroup id="Veldmedewerker">
    <user id="Stephan Zuiderwijk" />
    <user id="Marc van Dijk"/>
  </userGroup>
  <userGroup id="Hydroloog">
    <user id="Toon van Peel"/>
  </userGroup>
  <userGroup id="SystemUsers">
    <systemUserGroup id="DOMAIN\userid"/>
  </userGroup>
</userGroups>
Usergroup

Base tag for a usergroup configure one for each user group. Usergroups can contain other usergroups. A user group can contain three types of sub-items:

user id = This is the id of the user that is executing the process.

group id = This is a link to an other user group

systemUserGroup = This is fully qualified domain user or domain group. If the executing user is member of the specified system user group then the permissions  assigned to this group are applied.

User

Name of the user that belongs to the usergroup. Users can be placed in multiple usergroups.

Example of permissions in the Explorer XML and TimeSeriesDisplayConfig XML file.

Explorer 1.00 default.xml
.... 		<explorerTask name="Forecast Management">
			<predefinedDisplay>forecast management</predefinedDisplay>
			<toolbarTask>true</toolbarTask>
			<menubarTask>true</menubarTask>
			<accelerator>ctrl F</accelerator>
    		<permission>AllowDataForecasting</permission> 
		</explorerTask>
....
TimeSeriesDisplayConfig 1.00 default.xml
....
	<generalDisplayConfig>
		<convertDatum>true</convertDatum>
		<valueEditorPermission>AllowValueEditor</valueEditorPermission>
		<labelEditorPermission>AllowLabelEditor</labelEditorPermission>
		<commentEditorPermission>AllowCommentEditor</commentEditorPermission>
	</generalDisplayConfig>
....
  • No labels

Disclaimer