Fine-Grained Access Control for ArcGIS for Server
What is security.manager?
How can security.manager improve your business?
security.manager lets you stay in control of your services. By extending the security model of ArcGIS, security.manager allows GIS Administrators to define permissions not just at the service level, but also to allow authorization of content at the layer-, feature-, and even spatial level. You stay in control of the level of information provided to individual users.
Fine-grained access control is not just for protecting your assets. It is also a means to work smarter with the resources at your disposal. In the past, providing different views of data to different user groups meant publishing multiple services, each of which needed to be maintained, and which consumed valuable computing resources. With security.manager, you stay in control, not the technology. This means you can expose different views of a single service to different groups, greatly reducing the efforts and costs required to achieve your goals.
Who is using it?
security.manager is being used in a wide range of industries and government organisations, to share important data in a controlled and efficient manner. From national mapping agencies, local government, environmental, public safety agencies, right through to commercial companies in areas such as oil and gas exploration, telecommunications or insurance, pretty much any organisation can benefit from a smart security implementation.
Click on the industries below for examples of how actual customers are using security.manager to protect data and improve workflows.
Customer Type: Pipeline network operator.
Use case: For maintenance and repair, external companies are hired to work on actual projects within the pipeline network. While these companies need to access and maintain information for the part of the network they are working on, they shall not see information about other contractors, while the network operator needs to monitor all projects going on in the whole network area.
Benefit: Instead of extracting information out of the GIS system and providing it to external contractors, these companies can now work on the integrated data pool, while security.manager cares about restricting access to their actual needs. Thus, data synchronization efforts are saved and the data is always up-to-date and allows real-time information for the network operator.
Customer Type: Provider of global oil and gas exploration and production data.
Use case: Customers subscribe and pay for customised collections of exploration data, which should include access to spatial data for their chosen entitlement.
Benefit: The company uses security.manager as an integral part of their business workflow to automatically restrict customer access according to their subscription entitlements. Instead of setting up individual services per customer, services are only set up once and subscriptions are enforced by the fine-grained access control of security.manager
Customer Type: Cell phone network operator.
Use case: For business customers with a high demand for network availability, the network operator opens access to its internal incident tracking system, but only for those network cells the actual customers are using. So while the network operator manages incidents nation-wide, those premium customers get real-time information about incidents affecting them, without seeing the overall network health.
Benefit: With the ability of providing individual portions of sensitive real-time content to premium customers, a new level of service could be offered that was not possible without security.manager
Customer Type: Automobile manufacturer.
Use case: The customer uses a web app containing services that contain data about automotive suppliers, such as where they are located, what part they produce (components, engines, interiors, exteriors, electrics...). Suppliers must be rated according to how supply chains are exposed to natural and political hazards, so measures can be taken to mitigate against supply chain interruption. However, the data is commercially sensitive, so only certain user groups in the company may see certain supply chain information related to their function.
Benefit: The company had suffered manufacturing delays due to natural disasters affecting supply chains, resulting in single points of failure. By using security.manager to allow tender processes and supply chain managers for each production area to access their own geographically-based supply chain data, they can assess risks and how to mitigate against possible failures in the supply chain.
Customer Type: National retail chain.
The company is organized in several regions, and within the regions there are separate stores. Besides the store locations, many other business data are managed within the GIS. National managers can see all data and run their statistics, while the regional management only can access detailed data for their own region, while for other regions only a subset of information is visible. Individual shops can only see general figures of other shops in their region.
The different hierarchy levels within the retail company can all use the same application to run their statistics and analysis based on their GIS, while security.manager ensures that the level of information corresponds to a user's actual domain.
Customer Type: National mapping agency assigned to run a national spatial data infrastructure.
Use case: Serving a broad range of user communities, from inter-governmental departments, to local government, to the public, the national SDI must act as a clearing house for a range of data assets, both public and sensitive. The challenge is to serve those needs without costly data processing procedures and duplicate storage, every time new data is sent from data providers to the portal.
Benefit: As a data warehouse for government and public users, the NMA in question is not responsible for the processing of data from other departments, but can instead use access control to impose the required limitation, saving time and taxpayers money while fulfilling their mandate. security.manager allows restriction to specific datasets based on geography (for local government areas) or restriction of access to specific layers of information (for the public).
Use case: The distribution of refugees needs to be monitored for all cities of the state. Different departments need to get access to different kinds of information, for example, the number and location of underaged refugees for the youth welfare office in order to organize care, or nationality of the refugees for the social welfare office to avoid conflicts in the shelters they are assigned to. Furthermore, the agencies at state level shall be able to see state-wide information, while the city agencies should get access limited to the area of their city.
Benefit: Initially, the mentioned organizations used separate Excel sheets to manage their information. Due to security.manager's access control capabilities, they were able to move to a GIS-based system and provide an integrated pool of information while ensuring that sensitive data like the distribution of refugees within the state is only used in those organizations which need this information for their actual tasks.
Talk to us about your industry and security requirements.