What is a Dataset?
A dataset is a collection of data values in a tabular form that typically consists of rows (or
records) and columns. In the Location Intelligence Module, a dataset can take the form of a .TAB
file, a shapefile, a GeoPackage file, or a JDBC-based table such as an MS SQL Server table.
Benefits of Dataset Access ControlDataset access control allows
administrators to disassociate the permissions of a named table from the editing permissions
of the dataset that the named table points to. For example, as an administrator you can grant
full editing (Create/Modify/Delete) permissions to a dataset while keeping read-only (View)
permissions on the named table. When a user attempts to perform a data manipulation language
(DML) operation (an insert, update, or delete operation using the Feature service or the Write
Spatial Data stage), the user's permissions will be verified not only against the specified
named table in the Location Intelligence.Named Resources entity type but also against the
Location Intelligence.Dataset.DML entity type. If View permissions are denied, the named table
will not appear in the user's repository.
What is a Dataset Secured Entity?
The LocationIntelligence.Dataset.DML secured entity is one of the two types of secured
entities for the Location Intelligence Module. It controls DML permissions to datasets that
are associated with named tables. When a named table is created or uploaded (using any tool,
including Spatial Manager, the Administration Utility, the Named Resource Service, and
WebDAV), a new LocationIntelligence.Dataset.DML secured entity is automatically created for
the associated dataset of that named table. A user must have View permissions on a named
Create/Modify/Delete permissions on the dataset in order to perform DML
operations on writable (JDBC-based) tables. DML operations include insert, update, and
delete operations performed using the Write Spatial Data stage or the Feature
Note: Although you can set Create/Modify/Delete permissions on dataset secured
entities for non-writable datasets such as .TAB files or shapefiles, you still cannot
perform DML operations on these datasets.
Tip: The View permission on the secured entity for the dataset has no impact on its
permissions. If you turn View permission off on a dataset secured entity you will still be able
to view the data in the table. If you do not want a user to see a table, remove View
permissions on the secured entity for the named resource instead.
When a named table is renamed, moved, or deleted, Spectrum Spatial will rename or delete the
associated secured entity for the dataset.
Spatial Roles and Dataset Access
Roles are used to grant or deny access to different parts of the system and help make
permissions management easier. Three predefined roles for users of the Location Intelligence
Module are available in Management Console:
- The spatial-admin role provides full permissions (Create/View/Modify/Delete) for all named resources and datasets. A user with a spatial-admin role can view named resources as well as edit datasets.
- The spatial-user role provides View permissions to named resources only. A user with a
spatial-user role can view resources but cannot edit datasets.
- The spatial-dataset-editor role provides full permissions (Create/View/Modify/Delete) on datasets. For example, an administrator can easily grant full permissions to datasets by adding the spatial-dataset-editor role to a user who currently has the spatial-user role.
These predefined roles cannot be modified. You can, however, create custom roles based on the
predefined spatial roles, assign them to user accounts, then fine-tune access on those roles and
users by applying access control settings (overrides) to datasets, individual named resources,
or folders containing named resources. See Configuring Access Control for more information.