ACL and Accessing Services and Applications

Service and application access is restricted depending on the ACL that has been granted. The following list describes the permissions needed by users. Full details are provided under each service method in REST and SOAP guide for each service.
  • Mapping Service (REST and SOAP): Users can list, describe and render the maps and layers on which they have resource EXECUTE permission. Permission is not required for underlying resources to render a specific map or layer (but will be needed if a client application also needs to describe or access the underlying resources if they are presented to users).
  • Map Tiling Service (REST and SOAP): Users can list, describe and render the named tiles on which they have resource EXECUTE permission. Permission is not required for underlying resources to render a specific tile (but will be needed if a client application also needs to describe or access the underlying resources if they are presented to users).
  • Feature Service (REST and SOAP): Users can list, describe and query features from the named tables and views on which they have dataset EXECUTE permission. Users can insert, update and delete features from the named tables on which they have dataset CREATE, MODIFY or DELETE permission
  • Named Resource Service (SOAP): In order to use any operation in the Named Resource Service a user must have folder permissions on at least one folder (and they must have READ or WRITE on the folders to see or manage the resources)
  • ACL Service (REST): The listDatasetPermissions and listFolderPermissions in the ACL service are available to all users. In order to use the other “ACL” operations (to list, add or delete any resource, folder or dataset permissions) a user must have folder permissions on at least one folder (and they must have READ or WRITE on the folders to see or manage the resources).
  • WMTS: There are no ACL permissions applied to Named WMTS tiles. If a Named WMTS tile is created this implies READ access to it via the WMTS service. ACL permissions are not required for the underlying resources. A user will be able to access the tile via the WMTS service (but not via the other services, unless they have specific resource permissions).
  • WMS: For the WMS service adding a layer to service implies read access to it via the WMS service. ACL permissions are not required on the underlying Named Layer resource. The layer will be listed in the capabilities file and users will be able to render the map and legend and get feature info via the WMS service (but not via the other services, unless they have specific resource permissions)
  • WFS: For the WFS service adding a table to service implies read access to it via the WFS. ACL permissions are not required on the underlying Named Table resource. The table will be listed in the capabilities file and users will be able to query features via the WFS service (but not via the other services, unless they have specific resource permissions)
  • Spatial Manager: In order to manage resources in the Spatial Manager application, a user must have spatial admin permissions. Currently users who are sub-admins can manage resources using the service APIs.
  • Map Uploader: In order to upload using the Map Uploader a user must have spatial admin permissions. Currently users who are sub-admins can manage resources using the service APIs.
  • Dataflows in Enterprise Designer: In order to execute dataflows, a user must have admin or spatial admin along with designer role permissions. The user must have EXECUTE permissions on namedtables and Create/Modify/Delete on the dataset to perform DML operations for the supported writable table.