About access lists
This topic covers a few topics about access and access lists:
- Types of access
- Default access lists
- Ideas for creating and managing access lists
- How map editors use access lists
- What happens when the membership of an access list changes
Types of access
There are three levels of access in Maps Engine:
- Account administrators have access to all of the account's assets in Maps Engine and define access lists.
- Map editors work in Maps Engine, uploading data, creating layers, and creating maps. A map editor who uploads or creates items can share them by applying access lists. A map editor has access to a data source, layer, or map if he or she uploaded or created the items, or is included in the item's access list.
- Map viewers can view and interact with published maps. A map viewer has access to a map if he or she is included in an access list with which the map has been shared.
In addition, the creator of an asset has edit and delete permission as long as the creator is a member of at least one map editor access list for the account.
Images and terrain inherit their parent layer's edit permissions.
Default access lists
Maps Engine comes with these default access lists:
- The default map editors list, called
Map Editors. This list gives permissions to everyone in your account.
- The default map viewers list, called
Map Viewers. The permissions associated with this list aren't set.
Ideas for creating and managing access lists
An access list consists of a set of names and Google Groups.
To create access lists, consider logical groupings based on affiliations, departments, groups, or other meaningful clustering mechanisms in your organization. You could redefine the default lists or create additional lists. For example, different types of access might be appropriate for people in an imagery collection, marketing, or quality assurance department, for executives, or for those with a particular security clearance.
When creating access lists, consider the following issues:
- How will you or others maintain the access list over time as people come, go, or change roles?
- Can you use Google Groups to represent sets of users who need access to various types of maps?
- How should you name the lists so that they're easily understood? Do you need to develop a naming scheme?
If your organization is large and your access lists will comprise many people, consider creating a Google Group for each category, and map it to an access list. The following figure illustrates how you can minimize maintenance effort over time.
When you mirror groups and access lists, it's easier to delegate responsibility. If each group is maintained by a person who knows the relevant area, the right users will be automatically added to access lists.
How map editors use access lists
Once you've defined an access list, anyone working with Google Maps Engine can simply apply the access list, knowing only the name of the group it represents. The map editor doesn't need to know who the members are.
What happens when the membership of an access list changes
As people come and go or change positions, or as organizations are redefined, you'll probably be changing the composition of your access lists.
When a Maps Engine data source, layer, or map is shared with members of an access list, it's shared with the current members only. (The one exception is that the creator of an asset has edit and delete permission as long as the creator is a member of at least one map editor access list for the account.) As access list membership changes, permissions for all Maps Engine data sources, layers, and maps that use the access list also change.