You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 36 Next »

What

Permissions.xml

Config group

SystemConfigFiles

Required

no

Description

Set permissions for user groups

schema location

https://fewsdocs.deltares.nl/schemas/version1.0/permissions.xsd

What

UserGroups.xml

Config group

SystemConfigFiles

Required

no

Description

Define user groups

schema location

https://fewsdocs.deltares.nl/schemas/version1.0/userGroups.xsd

General

Permissions can be added to control which user groups (and therefore which users) can see displays and nodes in the GUI:

  • Explorer.xml, <permission>: explorer tasks (displays), such as the Time Series Dialog or the Grid Display. Tasks will not be visible in the menus or toolbar.
  • GridDisplay.xml, <viewPermission>: displays (nodes) in the Spatial Display
  • Filters.xml, <viewPermission>: filters (nodes) in the Data Viewer
  • DisplayGroups.xml, <viewPermission>: shortcuts (listed under the Star icon) in the Time Series Display 

Permissions can also restrict which user groups can do certain things in the GUI:

  • TimeSeriesDisplayConfig.xml, add and edit in the Data Editor Display of
    • values, with <valueEditorPermission>
    • labels, with <labelEditorPermission>
    • comments, with <commentEditorPermission>
  • WorkflowDescriptors.xml: manipulate workflows in the Forecast Dialog and Manual Forecast Dialog.
    NOTE: Permissions on workflows will be applied throughout the application, e.g. the Scenario Editor and Task Run Display. 
    • view, with <viewPermission>
    • run, with <runPermission>
    • approve, with <approvePermission>
    • delete and change expiry times, with <deletePermission>
  • ScenarioEditor.xml: create, edit, delete, persist and run scenarios in the scenario editor window


Configuration of permissions

You need to configure at least 3 files to set-up permissions:

  • Define <userGroup>'s in SystemConfigFiles/UserGroups.xml and assign them <user> id's.
  • Define <permission>'s in SystemConfigFiles/Permissions.xml and assign them <userGroup> id's.
  • Include permission configuration in any of the above listed configuration files.


Disable permissions (Stand Alone)

Note: if you want to disable permissions in a Stand Alone version (for example in a WaterCoach application), you can simply remove or rename the Permissions.xml and UserGroups.xml files. This will result in warnings where you have configured viewPermissions, however Delft-FEWS will lift all restrictions to viewing if these files are missing. This work-around only works in a Stand Alone application. In the live system you can not (and should not want to) remove these files locally, since they are stored and managed in the Central Database.

Permissions.xml

When available on the file system, the name of the XML file is Permissions.xml


Figure 3 Elements in the Permissions configuration

Permission

Unique name of the permission

Usergroup

Id of each usergroup that is granted the given permission

Permissions 1.00 default.xml
<?xml version="1.0" encoding="UTF-8"?>
<permissions xmlns=".....">
	<permission id="AllowDataEditor">
		<userGroup id="Hydroloog"/>
		<userGroup id="Veldmedewerker"/>
	</permission>
	<permission id="AllowManualForecast">
		<userGroup id="Hydroloog"/>
	</permission>
	<permission id="AllowLabelEditor">
		<userGroup id="Hydroloog"/>
	</permission>
	<permission id="AllowCommentEditor">
		<userGroup id="Hydroloog"/>
		<userGroup id="Veldmedewerker"/>
	</permission>
	<permission id="AllowValueEditor">
		<userGroup id="Hydroloog"/>
	</permission>
</permissions>


userGroups.xml

When available on the file system, the name of the XML file is Usergroups.xml.  


Figure 4 Elements in the Usergroups configuration


userGroup

Base tag for a userGroup configure one for each user group. A userGroup can contain three types of sub-items:

  • user: id of the user that is executing the process
  • userGroup: a reference a different userGroup. UserGroup's can be nested.
  • systemUserGroup: a fully qualified domain user or domain group. If the executing user is member of the specified system user group then the permissions assigned to this group are applied.

User

id of the user that belongs to the userGroup. Users can be placed in multiple userGroups.

UserGroups 1.00 default.xml
<?xml version="1.0" encoding="UTF-8"?>
<userGroups xmlns="....">
  <userGroup id="Veldmedewerker">
    <user id="Stephan Zuiderwijk" />
    <user id="Marc van Dijk"/>
  </userGroup>
  <userGroup id="Hydroloog">
    <user id="Toon van Peel"/>
  </userGroup>
  <userGroup id="SystemUsers">
    <systemUserGroup id="DOMAIN\userid"/>
  </userGroup>
</userGroups>


Examples of permissions in the configuration

Example of permissions in the Explorer XML 

Explorer 1.00 default.xml
.... 		<explorerTask name="Forecast Management">
			<predefinedDisplay>forecast management</predefinedDisplay>
			<toolbarTask>true</toolbarTask>
			<menubarTask>true</menubarTask>
			<accelerator>ctrl F</accelerator>
    		<permission>AllowDataForecasting</permission> 
		</explorerTask>
....

Example of permissions in TimeSeriesDisplayConfig XML

TimeSeriesDisplayConfig 1.00 default.xml
....
	<generalDisplayConfig>
		<convertDatum>true</convertDatum>
		<valueEditorPermission>AllowValueEditor</valueEditorPermission>
		<labelEditorPermission>AllowLabelEditor</labelEditorPermission>
		<commentEditorPermission>AllowCommentEditor</commentEditorPermission>
	</generalDisplayConfig>
....
  • No labels

Disclaimer