Managing data access

GeoSpock database users must be granted permission before they can access and query a dataset. Access to ingested data is controlled through groups. Each group contains one or more GeoSpock database users, and can be granted permission to use one or more datasets. This means that ingesting a dataset does not by itself let you query it: you must be a member of a group that has been granted permission to access that dataset. You use the GeoSpock CLI to create groups, assign users to those groups and give groups permission to access a dataset. For more information about the GeoSpock CLI, see The GeoSpock CLI.

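Using the GeoSpock CLI to manage access to your data, you can:

  • create a group
  • add GeoSpock database users to a group
  • list the groups
  • remove a GeoSpock database user from a group
  • remove a user from all groups
  • delete a group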

For information on how to give a group permission to access a dataset, see Adding permissions to your ingested data.

Creating a group

Use the following command to create a group that you can add users to:

geospock group-create --group-name <group-name>

For example, to create a group called newGroup, use the following command:

geospock group-create --group-name newGroup
{
    "groupName": "newGroup",
    "usernames": []
}

For more information about this command, use the GeoSpock CLI's help command.

Adding GeoSpock database users to a group

You can add a GeoSpock database user to the group using the following command and their username:

geospock group-add-user --group-name <group-name> --username <username>

If your deployment uses:

  • built-in identity provision (Auth0), username is the user's email address
  • custom identity provision (AWS Cognito or LDAP), username is the user's existing corporate username; a user does not require a GeoSpock database account in order to be added to a group

See User authentication and authorization in the GeoSpock database for more information about identity provision.

So, if your deployment is using custom identity provision and you want to add a user, whose username is corporate.user, to your new group, the command will look like this:

geospock group-add-user --username corporate.user --group-name newGroup
{
    "groupName": "newGroup",
    "usernames": [
        "corporate.user"
    ]
}

For more information about this command, use the GeoSpock CLI's help command.

Listing the groups

You can use the GeoSpock CLI to list the groups that have been created and the users that are assigned to each group using the following command:

geospock group-list 

For example:

geospock group-list 
[
    {
        "groupName": "newGroup",
        "usernames": [
            "corporate.user"
        ]
    }
]

For more information about this command, use the GeoSpock CLI's help command.

Removing a GeoSpock database user from a group

To remove a user from a group, use the following command:

geospock group-remove-user --username <username> --group-name <group-name> 

If your deployment uses:

  • built-in identity provision (Auth0), username is the user's email address
  • custom identity provision (AWS Cognito or LDAP), username is the user's existing corporate username; a user does not require a GeoSpock database account in order to be added to a group

See User authentication and authorization in the GeoSpock database for more information about identity provision.

For example, if you later decide that you want to remove corporate.user from newGroup, use the following command:

geospock group-remove-user --username corporate.user --group-name newGroup
{
    "groupName": "newGroup",
    "usernames": []
}

For more information about this command, use the GeoSpock CLI's help command.

Removing a user from all groups

If your deployment is using custom identity provision, you can use the group-all-remove-user command to remove a user from all the groups they belong to, effectively removing their access to the data in the GeoSpock database:

geospock group-all-remove-user --username <username> 

For more information about this command, use the GeoSpock CLI's help command.
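
An access-review sketch built on the group-list output and removal commands described above, added here as an example and not part of the GeoSpock documentation or CLI: it inverts the JSON into per-user memberships and produces the removal commands for any user missing from a roster of active users. The roster, the sample JSON and the function names are assumptions constructed for illustration, and usernames are compared as exact strings.

```python
import json
import shlex

# Constructed sample of `geospock group-list` output, in the shape shown on this page.
SAMPLE_GROUP_LIST = """
[
    {"groupName": "newGroup", "usernames": ["corporate.user", "former.user"]},
    {"groupName": "analysts", "usernames": ["former.user"]},
    {"groupName": "emptyGroup", "usernames": []}
]
"""

def memberships(group_list_json):
    """Invert the group list into {username: sorted list of group names}."""
    by_user = {}
    for group in json.loads(group_list_json):
        for username in group.get("usernames", []):
            by_user.setdefault(username, []).append(group["groupName"])
    return {user: sorted(groups) for user, groups in by_user.items()}

def review(group_list_json, active_users, custom_identity=True):
    """Return (removal commands for users not in active_users, empty group names)."""
    active = set(active_users)  # hypothetical roster, e.g. exported from the identity provider
    commands = []
    for user, groups in sorted(memberships(group_list_json).items()):
        if user in active:
            continue
        if custom_identity:
            # One command clears every membership (custom identity provision only).
            commands.append(
                "geospock group-all-remove-user --username " + shlex.quote(user))
        else:
            # Otherwise remove the user from each group individually.
            commands.extend(
                "geospock group-remove-user --username %s --group-name %s"
                % (shlex.quote(user), shlex.quote(name)) for name in groups)
    empty = sorted(g["groupName"] for g in json.loads(group_list_json)
                   if not g.get("usernames"))
    return commands, empty

if __name__ == "__main__":
    cmds, empty_groups = review(SAMPLE_GROUP_LIST, active_users=["corporate.user"])
    print("\n".join(cmds))
    print("groups with no members:", ", ".join(empty_groups))
```

The commands are returned as text for a reviewer to inspect before running; groups reported as having no members are candidates for group-delete.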

Deleting a group

Use the following command to delete a group:

geospock group-delete --group-name <group-name>

To delete newGroup, your command would look like this:

geospock group-delete --group-name newGroup 
{
    "deletedGroupId": "newGroup"
}

For more information about this command, use the GeoSpock CLI's help command.