Overview

MapLarge's Role Based Access Control (RBAC) System provides a secure method of restricting account access to authorized users. RBAC enables account owners to create groups with predefined permissions and assign users to these groups. Users are allowed to view resources and perform various actions based on their group enrollment. MapLarge’s authorization system includes:

  • Accounts - all groups and tables belong to one account.
  • Groups - control permissions within an account including access to tables.
  • Users - can have access to multiple accounts and derive all their permissions from membership in account groups. For example, if a user is a member of the Account A Editors group, then that user will have edit permissions over tables in account A.
*Each MapLarge plan also includes a superuser with permission to perform all administrative tasks.

Accounts

Accounts are the top level of the MapLarge authorization hierarchy. Groups and data belong to accounts. At least one account is required to upload data to the server.

  • MapLarge hosted plans come with one account and a superuser. The superuser can create additional accounts.
  • On-Premise deployments have a superuser created by default. The superuser can then create accounts.
When accounts are created, they must have an account name, code, and description. The account code is used to identify the account in the MapLarge UI.

Groups

Each group belongs to an account. There are three types of groups with different levels of permissions: Administrator, Editor, and Viewer. The first group administrator in a new account is created by the superuser. A group can only belong to one account, but a group can have multiple users.

Users

Users are enrolled in groups and receive permissions based on their group. A user can be enrolled in multiple groups and can belong to more than one account. Users are created by Group Administrators or the superuser.

Role Based Permissions

Account
  Description: Accounts are the top level of the MapLarge authorization hierarchy. An account can have multiple groups and tables.
  Permissions: Accounts do not have permissions.

Group - Administrator
  Description: Administrators are a type of group that belongs to an account. An account can have multiple groups but a group can only belong to one account. Administrators manage groups, users, and tables.
  Permissions:
  • Create, edit, delete Groups
  • Create, edit, and delete Users
  • Enroll Users in Groups
  • Create, edit, and delete Tables

Group - Editor
  Description: Editors are a type of group that belongs to an account. Editors have editing permissions for creating and deleting tables.
  Permissions:
  • Create and Delete Tables

Group - Viewer
  Description: Viewers have read-only permissions. Viewers can view users and tables but cannot edit or delete users and tables.
  Permissions:
  • View Users
  • View all tables

User
  Description: Users are members of groups. User permissions are based on group(s) enrollment. Users can be added to more than one group and account.
  Permissions: See Group roles.

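
The permission rules above can be checked with a small model. This is an added example, not MapLarge code or its API: it resolves a user's effective permissions per account from group enrollment and builds an access-review report. The permission strings, class names, and sample users are hypothetical, and it assumes a role grants only what its row in the table lists.

```python
from dataclasses import dataclass, field
# Added model of this page's rules, not MapLarge's API; permission names are made up.
# Assumption: a role grants only what its table row lists (no role inheritance).
ROLE_PERMISSIONS = {
    "Administrator": {"group:create", "group:edit", "group:delete",
                      "user:create", "user:edit", "user:delete", "user:enroll",
                      "table:create", "table:edit", "table:delete"},
    "Editor": {"table:create", "table:delete"},
    "Viewer": {"user:view", "table:view"},
}

@dataclass(frozen=True)
class Group:
    name: str
    account: str   # a group belongs to exactly one account
    role: str      # "Administrator", "Editor" or "Viewer"

@dataclass
class User:
    name: str
    groups: list = field(default_factory=list)
    superuser: bool = False

def effective_permissions(user, account):
    """Union of the permissions of the user's groups that belong to `account`."""
    if user.superuser:  # modelled as every permission, in every account
        return set().union(*ROLE_PERMISSIONS.values())
    perms = set()
    for g in user.groups:
        if g.account == account:  # enrollments in other accounts grant nothing here
            perms |= ROLE_PERMISSIONS[g.role]
    return perms

def access_review(users, accounts):
    """Map (user, account) -> sorted permissions, omitting pairs with no access."""
    report = {}
    for u in users:
        for a in accounts:
            perms = effective_permissions(u, a)
            if perms:
                report[(u.name, a)] = sorted(perms)
    return report

# Constructed sample data: two accounts, three groups, two users.
A_EDITORS = Group("Account A Editors", "A", "Editor")
A_VIEWERS = Group("Account A Viewers", "A", "Viewer")
B_ADMINS = Group("Account B Administrators", "B", "Administrator")
alice = User("alice", [A_EDITORS, A_VIEWERS])
bob = User("bob", [A_VIEWERS, B_ADMINS])
```

Running `access_review([alice, bob], ["A", "B"])` shows that alice has no entry for account B and that bob's Administrator enrollment in B gives him nothing beyond Viewer rights in A.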
MapLarge Authorization