Table of Contents

4. Actors, Authentification, Access, Rights and User Accounts

In the geoportal exist several user levels. Every user has a user account associated to a set of profiles. In the profiles the individual rights concerning the mapper, the catalogue the webservices and the overall geoportal functions are saved.

The following chapter explains the principles that rule the geoportal and that make sure that the access restrictions can be adapted very finely to the user’s needs.

4.1 Actors in the geoportal

The actors in the geoportal can be split into 4 groups:

The "General Public"

When opening the geoportal's home page, the user automatically acts as a “general public” user, as long as he has not logged in the system by providing his user account name and his password. The “general public” is the anonymous standard user, who is granted with the minimal user rights in the system and who can do the basic operations in the geoportal. He can learn about the existing and available products by viewing the metadata catalogue's contents, and view the geodata in the mapping tool. He is also allowed to ask questions to the geoportal's support team and to read the FAQ. He CANNOT order products.

The "Client"

Unlike the “General Public”, the “client” has an individual user account associated to a password, which allows him to authenticate himself in the system. He has access to the “order” menu and can send orders or estimate requests concerning the available products in the catalog. In the order menus, he can check the state of his different orders and eventually download ordered files. For more information, please read the corresponding chapters in the geowiki.

The "Special client"

The “Special Client” is also authenticated via his user account and his password. He has all the rights of the “client” but additionally, he can access to some specialized functions that require previous regulations. Depending on the granted rights, he can

The "Provider"

The “provider” is the highest-ranking actor in the geoportal, thus the one with the maximum level of rights and functions. He generally has all the rights of a “special client” but has some additional rights / functions to

4.2 Root Accounts & Subordinate Accounts

Subordinate accounts are used to delegate the management of the individual user accounts of customer organizations to one single main (« root ») account, without any interaction by the geoportal’s management. This means great flexibility for the customers as well as an easier task for the geoportal management team.

The owner of a root account can open new individual user accounts. Every single subordinate account can get all or a part of the special rights of the root account. Of course the root account cannot delegate more rights than it possesses itself.

The set of an organization’s subordinate accounts directly depends on the access rights of the root account, and the delegation of access rights can be done by switching on or off one or several items of the following:

4.3 Connect to the geoportal

On the upper left of the geoportal’s screen appears the login block.

If the user is not yet connected:

When connected, the user can:

4.4 Manage the “Subordinate Accounts”

Root accounts with active subordinate account function can create and manage subordinate accounts. This function is only available for the root account itself and not for the subordinate accounts.

FIXME

The management of the subordinate accounts has 3 main aspects:

4.4.1 Hierarchical organization of the accounts

The subordinate accounts are organized in a tree-hierarchy, where the main branch directly depends from the root account. There can be as many sub-branches as needed by the root account.

FIXME

Between the root account and the subordinate account the special rights detained by the root account can be passed on totally or partially. But among the subordinate accounts the tree hierarchy is a purely organizational one. There is no transfer of rights from one level of the subordinate accounts to another.

The user of the root account can :

4.4.2 Manage the settings - « Contact » tag

This tag is the first to be opened when a new account is created. The empty fields have to be filled. When an existing account is opened, the contents of the settings is displayed.

Unlike the root account, the subordinate accounts do no have a section for the billing address, as they always act on behalf of the root account’s organization. The billing address of the root account is automatically used.

The properties of the “Contact” tag are:

The user can:

4.4.3 Manage the settings - “Login” tag

The name of the user associated with the account is mentioned on the top of tags to make sure the root account user is well aware of which account he is actually dealing with.

The properties of the login tag are:

The user can:

4.4.4 Manage the settings - “Rights” tag

It has already been mentioned above that when creating new subordinate accounts, the root account can pass on all or part of its special rights to the subordinate accounts. To make things quite simple yet powerful enough, the geoportal offers transfer of rights with the following principles:

The following options can be activated:

4.5 Manage the own Account (“My Account”)

After having logged in, every user can manage his account’s settings. This happens in the menu “my account”. Most of the functions are the same as those already described above for the subordinate accounts.

4.5.1 My account - “Contact” tag

The properties of this tag are the same as those described above. Aditionnally there are fields for the billing address.

The user can :

4.5.2 My account – “Login” tag

The properties of this tag are the same as those described above.

The user can :