MapLarge's Role Based Access Control System provides a secure method of restricting account access to authorized users. RBAC enables account owners to create groups with predefined permissions and assign users to these groups. Users are allowed to view resources and perform various actions based on their group enrollment. MapLarge’s authorization system includes:
- Accounts - all groups and tables belong to one account.
- Groups - control permissions within an account including access to tables.
- Users - can have access to multiple accounts and derive all their permissions from membership in account groups. For example, if a user is a member of the Account A Editors group, then that user will have edit permissions over tables in account A.
Accounts are the top level of the MapLarge authorization hierarchy. Groups and data belong to accounts. At least one account is required to upload data to the server.
- MapLarge hosted plans come with one account and a superuser. The superuser can create additional accounts.
- On-Premise deployments have a superuser created by default. The superuser can then create accounts.
Groups belong to an account. There are three types of groups with different levels of permissions: Administrator, Editor, and Viewer. The first group administrator in a new account is created by the superuser. A group can belong to only one account, but a group can have multiple users.
Users are enrolled in groups and receive permissions based on their group. A user can be enrolled in multiple groups and can belong to more than one account. Users are created by Group Administrators or the superuser.
Role Based Permissions
|Role|Description|Permissions|
|---|---|---|
|Account|Accounts are the top level of the MapLarge authorization hierarchy. An account can have multiple groups and tables.|Accounts do not have permissions.|
|Group - Administrator|Administrators are a type of group that belongs to an account. An account can have multiple groups but a group can only belong to one account. Administrators manage groups, users, and tables.||
|Group - Editor|Editors are a type of group that belongs to an account. Editors have editing permissions for creating and deleting tables.||
|Group - Viewer|Viewers have read-only permissions. Viewers can view users and tables but cannot edit or delete users and tables.||
|User|Users are members of groups. User permissions are based on group(s) enrollment. Users can be added to more than one group and account.|See Group roles.|
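
The model described above, sketched as an added example (not MapLarge code or its API): a user's effective permissions on a table are the union of the roles of their groups in that table's account, so membership in Account A Editors grants nothing in account B. The class names, action names and sample user are assumptions; each role lists only the actions this page states.

```python
from dataclasses import dataclass, field

# Action names are assumptions; each role carries only what the page states.
ROLE_ACTIONS = {
    "Administrator": {"manage_groups", "manage_users", "manage_tables"},
    "Editor": {"edit_table", "create_table", "delete_table"},
    "Viewer": {"view_users", "view_tables"},
}


@dataclass(frozen=True)
class Group:
    name: str
    account: str  # a group belongs to exactly one account
    role: str     # Administrator, Editor or Viewer

    def __post_init__(self):
        if self.role not in ROLE_ACTIONS:
            raise ValueError(f"unknown group type: {self.role}")


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)  # may span several accounts


def effective_actions(user, account):
    """Union of the actions granted by the user's groups in one account."""
    actions = set()
    for group in user.groups:
        if group.account == account:  # membership never crosses accounts
            actions |= ROLE_ACTIONS[group.role]
    return actions


def is_allowed(user, action, table_account):
    """Deny by default: the grant must come from a group in the table's account."""
    return action in effective_actions(user, table_account)


def build_sample():
    """Constructed sample: one user enrolled in groups of two accounts."""
    a_editors = Group("Account A Editors", "A", "Editor")
    b_viewers = Group("Account B Viewers", "B", "Viewer")
    return User("alice", {a_editors, b_viewers})
```

When reviewing real group enrollments, the same per-account union is the thing to audit: a user who appears in several groups holds the combined permissions of all of them within each account.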