To support environments where the users and
groups information is stored outside the ArcViz
environment, such as LDAP, the role membership lists for users and groups
only store names. During role update and create operations, ArcViz accepts
the user and group names 'as is', without validating them.
Each entry in the privs list corresponds to a single privilege
row in the ArcViz role edit screen. Each row contains fields for the
privilege type (ptype), an identifier section, and a list
of permissions (perms) for the identified objects, such as
datasets or data connections. Each privilege type has a specific identifier,
and set of possible permissions. ArcViz stores the dataset IDs and
connection IDs within the identifier sections as a STRING,
and uses the special value "-1" to indicate "All datasets"
or "All connections".
JSON Fields for Roles Data Type
Field
Detail Only
Updatable
Description
id
No
No
Role ID
name
No
Yes
Role name
desc
No
Yes
Role description
users
No
Yes
List of usernames that belong to this
role
groups
No
Yes
List of groups that belong to this
role
privs
Yes
Yes
List of privilege structures for this role,
as described in Privileges Types
Privileges Types
The Arcadia Enterprise Role-Based Access Control system supports the following permission types:
ptype: "system"
Identifier
None
Permissions
Permission Name
Description
sys_editperm
Manage roles and
users
sys_styles
Manage styles and settings
sys_viewlogs
View query logs
sys_editconn
Manage data connections
ptype: "dataconn"
Identifier
Field Name
Description
Example
dclist
List of data connection IDs, or
-1 for 'All data
connections'
"dclist" : ["-1"]
Permissions
Permission Name
Description
dc_aviews
Manage analytical views
dc_upload
Import data
dc_expore
Create datasets and explore tables
ptype: "dataset"
Identifier
Field Name
Description
Example
dcid
Data
connection ID for this privilege, or
-1 for 'All'
"dcid" : "-1"
dslist
List of dataset IDs for this
privilege
"dslist" : ["1", "2", "3"]
Permissions
Permission Name
Description
dc_aviews
Manage
analytical views
dc_upload
Import
data
dc_expore
Create
datasets and explore tables
Creating Roles
The following code creates a new role with groups
dataconn_managers and
arcviz_admins. The role has system-level
permissions to view logs, and to create new datasets. It also has
full permissions on all connections and all datasets: