2.8 Managing Spatial Studio User Roles

Learn about the different user roles supported in Spatial Studio.

The following application roles are supported in Spatial Studio:

• SGTech_SystemAdmin
• SPATIAL_AUTHOR
• SPATIAL_CONSUMER
• valid-user

It is important to note that all the role names are case sensitive. When granted to a user, these roles allow the user to access the various features and services of Spatial Studio, governed by the rules described in the following sections.

• Administrator Role: SGTech_SystemAdmin
  A user with the SGTech_SystemAdmin role is considered the system-level administrator of the accessed Spatial Studio instance, irrespective of all other roles they may hold.
• Regular User Roles: SPATIAL_AUTHOR and valid-user
  A user with either the role SPATIAL_AUTHOR or valid-user (but not the SGTech_SystemAdmin role) is considered a regular user.
• Read-Only User Role: SPATIAL_CONSUMER
  A user with the SPATIAL_CONSUMER role is considered a read-only user and is prohibited from creating, modifying or removing any permanent objects (such as datasets, connections, spatial analyses, write-access tokens, and so on) within Spatial Studio.
• Granting Spatial Studio Application Roles
  The SGTech_SystemAdmin, SPATIAL_AUTHOR, SPATIAL_CONSUMER, and valid-user roles are all considered application roles as they only apply within Spatial Studio.

2.8.1 Administrator Role: SGTech_SystemAdmin

A user with the SGTech_SystemAdmin role is considered the system-level administrator of the accessed Spatial Studio instance, irrespective of all other roles they may hold.

A system-level administrator role allows the user to:

• Access every aspect of Spatial Studio, including all the datasets, connections, and projects created by any other user in the same Spatial Studio instance or any other instance connected to the same metadata schema.
• Change global or instance-wide settings such as banner customization, custom base maps or safe domains.
• Monitor and view system logs.

2.8.2 Regular User Roles: SPATIAL_AUTHOR and valid-user

A user with either the role SPATIAL_AUTHOR or valid-user (but not the SGTech_SystemAdmin role) is considered a regular user.

A regular user role allows the user to:

• Create various Spatial Studio objects such as connections, datasets, and projects.
• Create spatial analyses.
• Publish projects and add custom map icons.

Note:

The role valid-user is considered a legacy role and is supported in Spatial Studio Release 25.1 solely for backward compatibility. It is recommended to grant only the SPATIAL_AUTHOR role in Spatial Studio Releases later than 25.1 as the valid-user role will eventually be desupported.

2.8.3 Read-Only User Role: SPATIAL_CONSUMER

A user with the SPATIAL_CONSUMER role is considered a read-only user and is prohibited from creating, modifying or removing any permanent objects (such as datasets, connections, spatial analyses, write-access tokens, and so on) within Spatial Studio.

A user with the SPATIAL_CONSUMER role is allowed to:

• Create a new project from existing datasets.

  However, the new project cannot be saved or published.

• Perform data visualization activities within the currently logged in session.

Note:

A user is a read-only user if SPATIAL_CONSUMER is the only role granted to them. If a user has both SPATIAL_CONSUMER and any other role, such as SPATIAL_AUTHOR or valid-user, then those other roles with greater privileges will take precedence.

The following describes a few use cases that apply for the SPATIAL_CONSUMER role:

• As seen in Regular User Roles: SPATIAL_AUTHOR and valid-user, a user with SPATIAL_AUTHOR role can create projects and datasets within Spatial Studio. Once the project(s) are finalized, the Spatial Studio administrator may change the user's role to contain only SPATIAL_CONSUMER, effectively freezing the projects from being modified (accidentally).
• Another use case of such a role is for read-only users to be able to visualize publicly available datasets for information purposes without creating permanent projects that can potentially consume a lot of resources in Spatial Studio.

2.8.4 Granting Spatial Studio Application Roles

The SGTech_SystemAdmin, SPATIAL_AUTHOR, SPATIAL_CONSUMER, and valid-user roles are all considered application roles as they only apply within Spatial Studio.

You can grant these roles to various users depending on the Spatial Studio deployment scenario.

• If you are managing a Spatial Studio instance that is started using the Quick Start zip file, then you can easily add users and grant them the necessary roles by navigating to the jetty-home/security/jetty-realm-mt.properties file in the Oracle_Spatial_Studio directory.
• If you are running Spatial Studio as a JavaEE application in Oracle WebLogic Server, then the roles must be first created in the WebLogic Server’s security realm. They can then be assigned to the (WebLogic) users accordingly.