Rules Using the User Management Service SOAP Interface

The following rules apply when setting permissions for users using the User Management SOAP Interface:

  1. You must first have created users in the Spectrum™ Technology Platform Management Console (giving them access to the services).
  2. There is a default 'everyone' user group that is applied to resources when you do not specify set permissions. This user group has READ permissions. So all users have READ permissions on a resource unless modified using the User Management SOAP Interface.
  3. It is preferred that you set permissions on a repository node (folder) rather than a specific resource. This makes repository management easier to maintain.
  4. You need to provide a user read, add, and modify permissions to allow them the ability to add or modify any resources in the repository, or add or modify any resources using the Named Resource Service.
  5. You do not have to add the admin or guest users. These users have already been created.

The following permissions are required for performing the following actions, either directly using WebDAV or WebFolder, or using the Resource Management service:

Action Read Add Remove Modify All
Access a subfolder X        
Add a subfolder X X      
Remove a subfolder X   X    
Add files to a folder X X   X  
Remove files from a folder X   X X  
Update files in a folder X     X  
Modify permissions of a folder         X

Security Notes

If service-level security is turned off at the platform level, it causes the execution of service requests to use the admin user. For the Location Intelligence Module this means that any named resource that is added to the repository is “owned” by the admin user; therefore, running the GetPermissionsRequest shows that non-admin users have only "Read" permissions.

Disabling both service-level and role-based security completely opens up the Location Intelligence Module's services and named resources. Running the GetPermissionsRequest will also show that non-admin users now have "All" permissions.