Managing group access

For GeoSpock database users to be able to access and query a dataset, they need to be granted permission to do that. Access to the ingested data is controlled by using groups. Each group contains one or more GeoSpock database users, and can be granted permission to use one or more datasets. This means if you ingest a dataset, to be able to query that ingested data, you will need to be a member of a group that has been granted permission to access that dataset. You use the GeoSpock CLI to create groups, assign users to those groups and give groups permission to access a dataset. For more information about the GeoSpock CLI, see The GeoSpock CLI.

Using the GeoSpock CLI to manage access to your data, you can:

For information on how to give a group permission to access a dataset, see Adding permissions to your ingested data.

Creating a group

Use the following command to create a group that you can add users to:

geospock group-create --group-name <group_name>

Say, for example, that you want to create a group called newGroup, you would use the following command:

geospock group-create --group-name newGroup
{
    "groupName": "newGroup",
    "usernames": []
}

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration MODIFY permissions; refer to Managing administrator access for more information about user administration permissions.

Adding GeoSpock database users to a group

You can add a GeoSpock database user to the group using the following command and their username:

geospock group-add-user --group-name <group-name> --username <username>

It is recommended that usernames do not contain any special characters as this may interfere with user authentication.

If you want to a user, who username is corporate.user, to your new group, the command will look like this:

geospock group-add-user --username corporate.user --group-name newGroup
{
    "groupName": "newGroup",
    "usernames": [
        "corporate.user"
    ]
}

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration MODIFY permissions; refer to Managing Administrator Access for more information about user administration permissions.

Listing the groups

You can use the GeoSpock CLI to list the groups that have been created and the users that are assigned to each group using the following command:

geospock group-list 

For example:

geospock group-list 
[
    {
        "groupName": "newGroup",
        "usernames": [
            "corporate.user"
        ]
    }
]

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration VIEW permissions; refer to Managing Administrator Access for more information about user administration permissions.

Removing a GeoSpock database user from a group

To remove a user from a group, use the following command:

geospock group-remove-user --username <username> --group-name <group-name> 

For example, if you later decide that you want to remove corporate.user from newGroup, use the following command:

geospock group-remove-user --username presto.user1@example.com --group-name newGroup 
{
    "groupName": "newGroup",
    "usernames": []
}

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration MODIFY permissions; refer to Managing Administrator Access for more information about user administration permissions.

Removing a user from all groups

You can use the group-all-remove-user command to remove a user from all the groups they belong to, effectively removing their access to the data in the Geospock database:

geospock group-all-remove-user --username <username> 

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration MODIFY permissions; refer to Managing Administrator Access for more information about user administration permissions.

Deleting a group

Use the following command to delete a group:

geospock group-delete --group-name <groupName>

To delete newGroup, your command would look like this:

geospock group-delete --group-name newGroup 
{
    "deletedGroupId": "newGroup"
}

For more information about this command, use the GeoSpock CLI's help command.

This command requires user administration MODIFY permissions; refer to Managing Administrator Access for more information about user administration permissions.