What

Permissions.xml

Config group

SystemConfigFiles

Required

no

Description

Set permissions for user groups

schema location

https://fewsdocs.deltares.nl/schemas/version1.0/permissions.xsd




What

UserGroups.xml

Config group

SystemConfigFiles

Required

no

Description

Define user groups

schema location

https://fewsdocs.deltares.nl/schemas/version1.0/userGroups.xsd



General

Permissions can be added to control which user groups (and therefore which users) can see displays and nodes in the GUI:

Permissions can also restrict which user groups can do certain things in the GUI:

Configuration of permissions

You need to configure at least 3 files to set-up permissions:


Note: to disable permissions in a Stand Alone (e.g. the WaterCoach), simply remove/rename Permissions.xml and UserGroups.xml.
With these files missing, Delft-FEWS will lift all restrictions related to viewPermissions. You can ignore any warnings regarding configured viewPermissions.


Note: you can integrate the userGroups and Permissions configuration with Open ID: FEWS Web Services Security with Open ID Connect


Permissions.xml

When available on the file system, the name of the XML file is Permissions.xml


Figure 3 Elements in the Permissions configuration

Permission

Unique name of the permission

userGroup

Id of each userGroup that is granted the given permission

<?xml version="1.0" encoding="UTF-8"?>
<permissions xmlns=".....">
	<permission id="AllowDataEditor">
		<userGroup id="Hydroloog"/>
		<userGroup id="Veldmedewerker"/>
	</permission>
	<permission id="AllowManualForecast">
		<userGroup id="Hydroloog"/>
	</permission>
	<permission id="AllowLabelEditor">
		<userGroup id="Hydroloog"/>
	</permission>
	<permission id="AllowCommentEditor">
		<userGroup id="Hydroloog"/>
		<userGroup id="Veldmedewerker"/>
	</permission>
	<permission id="AllowValueEditor">
		<userGroup id="Hydroloog"/>
	</permission>
</permissions>


With the enabled attribute you can make a permission only available for certain globalProperties.xml/clientConfig.xml (OC/Webservice)

<?xml version="1.0" encoding="UTF-8"?>
<permissions xmlns=".....">
	<permission id="FEWS_SA" enabled="$PROP_SA$">
		<userGroup id="OC_DataEditor"/>
		<userGroup id="OC_Forecaster"/>
		<userGroup id="OC_SuperUser"/>
		<userGroup id="OC_Configurator"/>
	</permission
<permissions xmlns=".....">

userGroups.xml

When available on the file system, the name of the XML file is Usergroups.xml.  


Figure 4 Elements in the Usergroups configuration


userGroup

Base tag for a userGroup configure one for each user group. A userGroup can contain three types of sub-items:

User

id of the user that belongs to the userGroup. Users can be placed in multiple userGroups.

<?xml version="1.0" encoding="UTF-8"?>
<userGroups xmlns="....">
  <userGroup id="Veldmedewerker">
    <user id="Stephan Zuiderwijk" />
    <user id="Marc van Dijk"/>
  </userGroup>
  <userGroup id="Hydroloog">
    <user id="Toon van Peel"/>
  </userGroup>
  <userGroup id="SystemUsers">
    <systemUserGroup id="DOMAIN\userid"/>
  </userGroup>
</userGroups>

Explorer.xml

.... 		<explorerTask name="Forecast Management">
			<predefinedDisplay>forecast management</predefinedDisplay>
			<toolbarTask>true</toolbarTask>
			<menubarTask>true</menubarTask>
			<accelerator>ctrl F</accelerator>
    		<permission>AllowDataForecasting</permission> 
		</explorerTask>
....

TimeSeriesDisplayConfig.xml

....
	<generalDisplayConfig>
		<convertDatum>true</convertDatum>
		<valueEditorPermission>AllowValueEditor</valueEditorPermission>
		<labelEditorPermission>AllowLabelEditor</labelEditorPermission>
		<commentEditorPermission>AllowCommentEditor</commentEditorPermission>
	</generalDisplayConfig>
....