MapLarge's Role Based Access Control System (RBAC) is a secure and flexible way to provide permission to users so they can use and administer the MapLarge system.
MapLarge’s RBAC has the following elements:
- Create, edit, delete Groups
- Create, edit, and delete Users
- Enroll Users in Groups
- Create, edit, and delete Tables
- Create and Delete Tables
- View Users
- View all tables
Accounts contain data and help admins control access to that data. Tables belong to accounts.
MapLarge hosted plans come with one account and a superuser. The superuser can create additional accounts.
On-Premise deployments have a superuser created by default. The superuser can then create accounts. When accounts are created they must have an account name and description.
Groups belongs to an account. There are three types of groups with different levels of permissions: Administrator, Editor, and Viewer. The first group administrator in a new account is created by the superuser. A group can only belong to one account.
Users are enrolled in groups and receive permissions based on their group. A user can be enrolled in multiple groups and can belong to more than one account. Users are created by Group Administrators or the superuser.
Role Based Permissions
|Account||Accounts are the top level of the MapLarge authorization hierarchy. An account can have multiple groups and tables.||Accounts do not have permissions.|
|Group - Administrator||Administrators are a type of group that belongs to an account. An account can have multiple groups but a group can only belong to one account. Administrators manage groups, users, and tables.||
|Group - Editor||Editors are a type of group that belongs to an account. Editors have editing permissions for creating and deleting tables.|
|Group - Viewer||Viewers have read-only permissions. Viewers can view users and tables but cannot edit or delete users and tables.|
|User||Users are members of groups. User permissions are based on group(s) enrollment. Users can be added to more than one group and account.||See Group roles.|