Managing dataset access

For GeoSpock database users to be able to query a dataset, they need to be granted permission to do that. Access to the ingested data is controlled by using groups. In order to be able to query a dataset, you need to be a member of a group that has been granted permission to access that dataset. Refer to Managing user groups for more information on setting up user groups.

Access to a dataset can be granted to a group either through schema-wide permission or for that dataset specifically. For information on granting schema-wide access to datasets, refer to Controlling group permissions.

Giving a user group permission to access a specific dataset

To enable GeoSpock database users to get access to a dataset, you need to grant a group access to a dataset. You will need GRANT permissions for the dataset schema to grant access. Use the following command to provide dataset access to a user group:

$ geospock dataset-permission-grant --dataset-name <dataset-name> --group-name <group-name> --grant-type READ

Example

$ geospock dataset-permission-grant --dataset-name nycTaxiData --group-name newGroup --grant-type READ
[
    {
        "entityId": "newGroup"
    }
]

For more information about this command, use the GeoSpock CLI's help command.

Removing access to a dataset from a user group

If you want to remove the permission from a group to access a specified dataset, use the following command:

$ geospock dataset-permission-revoke --dataset-name <dataset-name> --group-name <group-name> --grant-type READ

This command requires the user running the command to have dataset administration GRANT permissions.

Example

$ geospock dataset-permission-revoke --dataset-name nycTaxiData --group-name newGroup  --grant-type READ
[]

For more information about this command, use the GeoSpock CLI's help command.

Giving a single user permission to access a dataset

With the GeoSpock database, permissions are set on user groups. If you wish to provide access to only a single user, this can be done by creating a special group containing only that user.

To give a GeoSpock database user permission to access a dataset, you need to:

  • create a group (if one does not already exist) using the group-create command; see Creating a group
  • add the user to the group using the group-add-user command; see Adding users to a group
  • grant the new group permission to read the dataset using the dataset-permission-grant as above.