In the geoportal exist several user levels. Every user has a user account associated to a set of profiles. In the profiles the individual rights concerning the mapper, the catalogue the webservices and the overall geoportal functions are saved.
The following chapter explains the principles that rule the geoportal and that make sure that the access restrictions can be adapted very finely to the user’s needs.
The actors in the geoportal can be split into 4 groups:
When opening the geoportal's home page, the user automatically acts as a “general public” user, as long as he has not logged in the system by providing his user account name and his password. The “general public” is the anonymous standard user, who is granted with the minimal user rights in the system and who can do the basic operations in the geoportal. He can learn about the existing and available products by viewing the metadata catalogue's contents, and view the geodata in the mapping tool. He is also allowed to ask questions to the geoportal's support team and to read the FAQ. He CANNOT order products.
Unlike the “General Public”, the “client” has an individual user account associated to a password, which allows him to authenticate himself in the system. He has access to the “order” menu and can send orders or estimate requests concerning the available products in the catalog. In the order menus, he can check the state of his different orders and eventually download ordered files. For more information, please read the corresponding chapters in the geowiki.
The “Special Client” is also authenticated via his user account and his password. He has all the rights of the “client” but additionally, he can access to some specialized functions that require previous regulations. Depending on the granted rights, he can
The “provider” is the highest-ranking actor in the geoportal, thus the one with the maximum level of rights and functions. He generally has all the rights of a “special client” but has some additional rights / functions to
Subordinate accounts are used to delegate the management of the individual user accounts of customer organizations to one single main (« root ») account, without any interaction by the geoportal’s management. This means great flexibility for the customers as well as an easier task for the geoportal management team.
The owner of a root account can open new individual user accounts. Every single subordinate account can get all or a part of the special rights of the root account. Of course the root account cannot delegate more rights than it possesses itself.
The set of an organization’s subordinate accounts directly depends on the access rights of the root account, and the delegation of access rights can be done by switching on or off one or several items of the following:
On the upper left of the geoportal’s screen appears the login block.
Root accounts with active subordinate account function can create and manage subordinate accounts. This function is only available for the root account itself and not for the subordinate accounts.
The management of the subordinate accounts has 3 main aspects:
The subordinate accounts are organized in a tree-hierarchy, where the main branch directly depends from the root account. There can be as many sub-branches as needed by the root account.
Between the root account and the subordinate account the special rights detained by the root account can be passed on totally or partially. But among the subordinate accounts the tree hierarchy is a purely organizational one. There is no transfer of rights from one level of the subordinate accounts to another.
The user of the root account can :
This tag is the first to be opened when a new account is created. The empty fields have to be filled. When an existing account is opened, the contents of the settings is displayed.
Unlike the root account, the subordinate accounts do no have a section for the billing address, as they always act on behalf of the root account’s organization. The billing address of the root account is automatically used.
The properties of the “Contact” tag are:
The user can:
The name of the user associated with the account is mentioned on the top of tags to make sure the root account user is well aware of which account he is actually dealing with.
The properties of the login tag are:
The user can:
It has already been mentioned above that when creating new subordinate accounts, the root account can pass on all or part of its special rights to the subordinate accounts. To make things quite simple yet powerful enough, the geoportal offers transfer of rights with the following principles:
The following options can be activated:
After having logged in, every user can manage his account’s settings. This happens in the menu “my account”. Most of the functions are the same as those already described above for the subordinate accounts.
The properties of this tag are the same as those described above. Aditionnally there are fields for the billing address.
The user can :