Geocortex Essentials lets you tailor your applications to individual users. Fine-grained security controls elements such as layers, features, attributes and other capabilities, so users see only the items you want them to see and are not overwhelmed.
In this week’s Geocortex Tech Tip, we take a closer look at the basics of using fine-grained security, and how you can deliver a more personalized experience to your users based on their configured permissions.
“Hi, welcome to Geocortex Tech Tips. My name is Jonathan and today we’re going to be talking about using fine-grained security to control access to layers, features, attributes and application functionality.
Let’s get started!
Here I’ve got Essentials Manager open, and I’m going to go to my site and edit its configuration. On the side panel here we can see the permissions tab which is where you go to configure these fine-grained settings. Here you’ll see a tree of all of the items included in the site, and each item has a tri-state checkbox beside it, which we can turn to deny, allow or inherit, where it will inherit the settings from the item in the tree above it that is set.
Up at the top we’ll have a list of the security providers you can configure. For example, ArcGIS Online – your organizational account, all users, by group, by organization or organization role. If you pull up one of these, you’ll also have to enter the group that you are interested in and there should be a nice dropdown list there. Once you select the group you can go ahead and configure permissions for that particular group.
Let’s go back to anonymous here.
First thing – why don’t we deny access to the site completely for anonymous users? We’ll say you have to be a member of our ArcGIS Online organization to get in. Now there’s nothing in this site that’s secured that would apply the security on its own, but once we have that set in Essentials Manager, now there will be a log in required to view this.
Let’s reload our site. We can see the site, but that is because I was automatically signed in, so I’ll sign out, and I have to sign in again. There is no way to see this site without being signed in.
Okay so that’s pretty basic. Let’s look at layers. We can see at the top level under ‘Map,’ we’ll have our map service level objects and then under that the layer objects. Now for a feature layer, there’s only one layer with the one service level object so it doesn’t really matter which you secure. But if you’re talking about a dynamic map service you might have more than one layer, so you can choose to secure the whole map service or individual layers, within group layers, etc.
Let’s go back to our heliports layer here, and I’m not going to let the anonymous people see this layer. They can get into the site, but they can’t see this layer and you’re going to have to be a member of our organization. Don’t care who you are, just that you’re a member and you’re allowed to see it.
Okay, let’s see how that works. So, we’ll sign out again now. And now, the site loads up, we can see that that heliports layer is gone, and it is no longer included in the layer list.
Let’s sign in. And it’s back!
So, we can also secure the fields on our layer. I might say that all of these fields (there are quite a few fields here) are not necessary for every user to see or maybe you’re only going to make them all available to GIS professionals that are in a certain group. So even though we can see this layer as a member of our organization, we’re going to turn off some of these fields (in fact we’re going to turn off most of them). Notice I don’t have to allow the fields that I want to allow, I just have to deny the fields that I want to deny, because these will inherit the allow permission from here. So, let’s see that.
First of all, we’ll just identify a few of these, just so we can see that all the fields are here right now. And there they are!
Okay so let’s reload the site, now we’re signed out. There’s no layer at all. We’ll sign in, the layer is here. But if I identify these features and I take a look, only the four fields that I allowed are available. Cool! So what else can you do?
One thing I should point out about fields first before I move on, is that to configure the fields here you do have to first go here, find the layer with the fields on it that you want to configure, and you need to make sure all of the fields have been added here and that they’re not just visible because they’re configured default visible – they have to be added on this page, and then they will become available on this page to secure.
Let’s take a look at some more things that we might deny to anonymous users. We have layer themes, so maybe we don’t want them to switch to those layer themes, so we can turn them off. We can also secure print templates and other items that are configured in the site like workflows. Let’s see what happens with those layer themes.
Right now if I go in here and I look at my layer list, I am signed in but you can see I have some themes available now. I’ll reload.
Now I do want to be signed out and then if I look, I find that ‘All Available Layers’ is the only theme that I can pick. Were you to turn off the option to show all available layers in the theme settings for this viewer, this drop-box would not be here either. But then when we sign in, we’ll find that we again have access to all of the layer themes and we can turn them on like so.
The last thing on the list that I probably should mention is that you can secure individual viewers. You can see I only have one viewer in this site, so I can’t turn this one off, or anonymous access will not be allowed at all and it will be like this viewer doesn’t exist. Since I don’t have any other viewers to load, if I turn that one off for anonymous users then – if they’re not already logged in somehow – it’s like that viewer no longer exists.
And you can see I couldn’t find it. It just loaded the default viewer. So, a little bit of a difference there between securing the viewer and securing the site. If you secure the site, the viewer will still load and give you the opportunity to log in but if you secure the viewer there’s no way to even load the viewer.
So that is the basics of using fine-grained security. I hope you have fun with this feature and happy hacking on Geocortex!”
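The deny/allow/inherit resolution described in the transcript, modelled as an added example (this is not Geocortex code or its API). It shows why denying a few fields is enough once the layer is allowed, and why a denied layer hides every field beneath it. The field names, the `Item` class and the allow-by-default root are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

ALLOW, DENY, INHERIT = "allow", "deny", "inherit"

# Constructed field names; the transcript does not list the layer's real fields.
FIELDS = ["NAME", "CITY", "OWNER", "STATUS", "ELEVATION", "LIGHTING", "SURFACE"]


@dataclass
class Item:
    """One node of the permissions tree for a single principal (hypothetical)."""
    name: str
    state: str = INHERIT
    parent: Optional["Item"] = field(default=None, repr=False, compare=False)
    children: List["Item"] = field(default_factory=list, repr=False)

    def add(self, name: str, state: str = INHERIT) -> "Item":
        child = Item(name, state, parent=self)
        self.children.append(child)
        return child


def effective(item: Item, root_default: str = ALLOW) -> str:
    """Return the state of the nearest item at or above `item` that is set."""
    node: Optional[Item] = item
    while node is not None:
        if node.state != INHERIT:
            return node.state
        node = node.parent
    return root_default  # assumption: nothing set anywhere resolves to allow


def visible_fields(layer: Item) -> List[str]:
    """Fields an identify would show; none at all if the layer is denied."""
    if effective(layer) == DENY:
        return []
    return [f.name for f in layer.children if effective(f) == ALLOW]


def build_tree(layer_state: str, denied_fields=()) -> Item:
    """Site > Map > map service > Heliports layer > fields, for one principal."""
    service = Item("Site").add("Map").add("Heliports service")
    layer = service.add("Heliports", layer_state)
    for name in FIELDS:
        layer.add(name, DENY if name in denied_fields else INHERIT)
    return layer


anonymous = build_tree(DENY)  # anonymous users: layer denied
member = build_tree(ALLOW, denied_fields={"STATUS", "ELEVATION", "LIGHTING"})
```
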