With the new version 1.7, security.manager NEXT once again boasts many improvements. The most important of these are described below.
security.manager allows you to define custom access policies for different user groups. However, there is often a desire to assign policies for users for whose user group either no specific access rights have been assigned or who do not belong to any user group at all.
Using the so-called fallback policies, you can now determine which rights "everyone else" should receive in addition to assigning individual rights.
Imagine, for example, that a retail company provides store information via a feature service. Top management should be able to view all data for all stores. Regional management should be able to view all the information for the stores in their region, and store managers should only be able to view the information relating to their store.
All other users should only be able to view basic information about the locations (location, opening hours, contact, but no sales figures or performance data). These other users can belong to very different groups (such as store employees, drivers, real estate managers, etc.). With the help of fallback access rights, it is no longer necessary to list all these "other" groups and create individual authorizations for them.
Especially when new user groups are created, the fallback policies automatically apply to them without the GIS administration having to intervene.
Many improvements to the user experience are hardly noticeable at first glance, but in day-to-day use they make work easier in the long term. For this reason, the con terra UX team is not only involved in customer projects, but also provides support in improving our own products.
In version 1.7, various processes in the Manager user interface have been optimized to reduce mouse clicks and interactions. This can be seen, for example, in the changed operation of the filter function in the Manager UI. The language setting is now also designed to be changed more easily, and the selected language is retained for the next browser session. Initially, the language setting of the respective user from the ArcGIS Enterprise Portal user profile is used.
However, UX improvements are not only noticeable in the web interfaces, but also, for example, in our JSON schema, which supports the management of policies with many templates and validations, and which is regularly improved.
OGC API Features
With ArcGIS 11, ArcGIS Server has the option of providing an OGC API Features interface. This new generation of OGC services, which in contrast to the WFS specification was developed according to modern REST principles, will be the future standard for interoperable exchange of geodata.
Of course, support for the OGC interfaces is also relevant for security.manager, so from this version onwards, an implementation for OGC API features will supplement the existing WMS support.
However, due to a caching problem in ArcGIS Server, the same level of security cannot currently be achieved via the OGC API interface as for the other interfaces supported by security.manager, so this function must initially be marked as "experimental" and is deactivated by default.
However, it can be activated for test and experimental purposes so that you can already test use cases that you can then implement in a subsequent ArcGIS Server version. If you are interested, please contact us.