Managing user groups

When controlling access to the GeoSpock database, the first step is to create the user groups and add users to those groups.

You manage your user groups using the GeoSpock CLI. Using the CLI to manage your user groups, you can:

For information on how to give a group permission to access a dataset, see Managing dataset access.

Creating a group

Use the following command to create a group that you can add users to:

$ geospock group-create --group-name <group-name>

Say, for example, that you want to create a group called newGroup, you would use the following command:

$ geospock group-create --group-name newGroup
{
    "groupName": "newGroup",
    "usernames": []
}

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration MODIFY permissions; refer to Controlling group permissions for more information about user administration permissions.

Adding users to a group

You can add a GeoSpock database user to the group using the following command and their username:

$ geospock group-add-user --group-name <group-name> --username <username>

It is recommended that usernames do not contain any special characters as this may interfere with user authentication.

If you want to a user, who username is corporate.user, to your new group, the command will look like this:

$ geospock group-add-user --username corporate.user --group-name newGroup
{
    "groupName": "newGroup",
    "usernames": [
        "corporate.user"
    ]
}

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration MODIFY permissions; refer to Controlling group permissions for more information about user administration permissions.

Listing the groups

You can use the GeoSpock CLI to list the groups that have been created and the users that are assigned to each group using the following command:

$ geospock group-list

For example:

$ geospock group-list
[
    {
        "groupName": "newGroup",
        "usernames": [
            "corporate.user"
        ]
    }
]

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration VIEW permissions; refer to Controlling group permissions for more information about user administration permissions.

Removing a user from a group

To remove a user from a group, use the following command:

$ geospock group-remove-user --username <username> --group-name <group-name>

For example, if you later decide that you want to remove corporate.user from newGroup, use the following command:

$ geospock group-remove-user --username corporate.user --group-name newGroup
{
    "groupName": "newGroup",
    "usernames": []
}

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration MODIFY permissions; refer to Controlling group permissions for more information about user administration permissions.

Removing a user from all groups

You can use the group-all-remove-user command to remove a user from all the groups they belong to, effectively removing their access to the data in the GeoSpock database:

$ geospock group-all-remove-user --username <username>

Note that you can also prevent access to both the GeoSpock CLI and the SQL cluster by deleting or disabling a user's account in the Identity Provider (IdP).

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration MODIFY permissions; refer to Controlling group permissions for more information about user administration permissions.

Deleting a group

Use the following command to delete a group:

$ geospock group-delete --group-name <group-name>

To delete newGroup, your command would look like this:

$ geospock group-delete --group-name newGroup
{
    "deletedGroupId": "newGroup"
}

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration MODIFY permissions; refer to Controlling group permissions for more information about user administration permissions.