5.13. Administrative tasks

5.13.1. Language change

Any authorized user can switch the interface language. To do this, in the upper right corner on the user icon, go to the “Settings” section (Pic. 5.179.).

../../_images/admin_settings_lang_en.png

Pic. 5.178. Go to Settings bar

The following languages are available for selection (Pic. 5.178.)

  • Default browser

  • Russian

  • English

  • Bulgarian

  • Chinese

  • Czech

  • French

  • German

  • Italian

  • Spanish

  • Portuguese

../../_images/admin_select_lang_en_2.png

Pic. 5.179. Selecting language

5.13.3. User activity log

User requests to the Web GIS are logged in a journal. It can be found in the Info section of the Control panel of the Web GIS (Pic. 5.181.).

../../_images/control_panel_audit_en.png

Pic. 5.181. Request journal in the Web GIS Control panel

The log is presented in a form of a table that has a set of filters above it (Pic. 5.182.). Every user action is registered in the journal. The entry contains the following details:

../../_images/user_activity_log_en.png

Pic. 5.182. Activity journal

You can filter the journal entries by time period and user performing the action (Pic. 5.183.). The table, filtered or otherwise, can be exported as a CSV file.

../../_images/audit_filter_en.png

Pic. 5.183. Filtering by timestamp and user

To view the complete text of the request click on the corresponding entry (Pic. 5.184.).

../../_images/audit_log_entry_en.png

Pic. 5.184. Log entry

5.13.4. Create new user group

A dialog for creation of a new user group presented on Pic. 5.185. To open this window select “Control panel” (see Pic. 5.6.) in the main menu (see item 1 in Pic. 5.5.). From the control panel (see Pic. 5.7.) go to the “Groups” page and click Create.

../../_images/admin_controlpanel_usergroup_create_eng_2.png

Pic. 5.185. “Create new group” dialog

In “Create new group” dialog enter full name and group name (short name), if necessary enter a group description, set group members and click “Create”. Set “New users” flag for a group to automatically assign new user to it.

Note

A name for a group should contain only letters and numbers.

5.13.5. Create new user

A dialog for creation of a new user is presented on Pic. 5.186.. To open this window select “Control panel” (see Pic. 5.6.) in the main menu (see item 1 in Pic. 5.5.). From the control panel (see Pic. 5.7.) go to the “Users” page and click Create.

../../_images/admin_controlpanel_user_create_eng_2.png

Pic. 5.186. “Create new user” dialog

In “Create new user” dialog enter the following information:

  • Full user name (e.g. John Smith)

  • Login – user login (e.g. smith)

  • Password

  • Group(-s) user belongs to (select from a dropdown menu. If the required group is absent you need to create a new one (see Create new user group)).

  • Interface language for the user

You can add some more information about the user in the “Description” field.

Then click “Create”.

Note

The password is limited in length in the range of 5-25 characters. Login can have symbols of the Latin alphabet, numbers and an underscore, but must begin necessarily with a letter.

5.13.6. Disable or delete users

In the main menu (see item 1 in Pic. 5.5.) open the Control panel (see Pic. 5.6.) and select “Users”. Each user has “Edit” and “Delete” icons on the right end of the line.

../../_images/admin_controlpanel_user_list_en.png

Pic. 5.187. User list

On the editing page you can modify properties of the user and disable the user. Tick “Disabled” and press Save.

../../_images/admin_controlpanel_user_disable_en.png

Pic. 5.188. Disabling the user

Users that are turned off in this fashion do not count in the user limit of your plan. It allows you to enable various users as needed, all within the limits of your current plan.

If you need to delete a user permanently, you can do so by pressing the “Delete” icon in the user list (see Pic. 5.187.) and confirming the action in the pop-up window.

Alternatively, you can open the editing page and press Delete.

5.13.7. Access management

NextGIS Web is resource based so each component (layer, group, service) is a resource. NextGIS Web provides extended settings for resource access permissions.

Permissions could be set during resource creation (see. Adding resources), or using resource update (see. Vector layer settings) To manage permissions use a “Permissions” tab in create/update resource dialog (see. Pic. 5.189.)

../../_images/access_rights_tab.png

Pic. 5.189. Permissions tab for resource

You can grant, revoke and update permissions using this tab. You can grant different permissions to a single resource for different users and/or groups. A dialog with permission item settings is presented on fig. Pic. 5.190..

../../_images/access_rights_dialog.png

Pic. 5.190. Permission item settings dialog

A dialog has the following elements:

  • Action

  • Principal

  • Permission

  • Resource

  • Propagate

Action defines the kind of the rule - allow or deny.

Note

By default everything is denied.

Principal - a user or a user group who is subject to a rule.

Besides standard users created by administrator, system has special system users:

  • administrator - Web GIS user which has administrative rights

  • owner - Web GIS user which created a particular resource

  • guest - Web GIS user which is accessing a particular resource without being authentificated (not logged in)

  • authenticated - authenticated Web GIS user under any account (but not guest)

  • everyone - all users including guests and authenticated

Besides standard groups created by administrator, system has special system user groups:

  • Administrators - a group whose users have administrative rights

  • Editors - a group, whose users do not have access to the control panel, but can create, edit and manage data

Adding users to this groups is a convenient way to set appropriate permissions across the whole system. These groups can’t be removed.

Permission - defines allowed or denied action with the resource. There are the following types of permissions:

  • All resources: All permissions

  • Resource: All permissions

  • Resource: Manage children

  • Resource: Change permissions

  • Resource: Read

  • Resource: Create

  • Resource: Update

  • Resource: Delete

  • Service: All permissions

  • Service: Connect

  • Service: Configure

  • Data structure: All permissions

  • Data structure: Write

  • Data structure: Read

  • Connection: All permissions

  • Connection: Write

  • Connection: Read

  • Connection: Connect

  • Web map: All permissions

  • Web map: Edit annotations

  • Web map: View annotations

  • Web map: Display

  • Collector: All permissions

  • Collector: Read

  • Data: All permissions

  • Data: Write

  • Data: Read

  • Metadata: All permissions

  • Metadata: Write

  • Metadata: Read

Resource - type of resource the rule created for. This setting is important for resource groups where it is required to grant permissions only to some types of resources. If there is no need to grant different permissions to different types of resources, select “All resources” for this setting.

Propagate checkbox defines if permission rules need to be applied to resources in sub-groups or not. Note, that setting permissions for lower level resource and propagating doesn’t cancel the need to set them for upward resources. For example, if you gave read access to a resource group that is contained by other groups, but you didn’t give appropriate permissions for higher level resources (up to root) the user will not get access to current resource group.

Permissions could be assigned to resources indirectly. For example permission “Web map: Display” could be assigned for a resource group and if a “Propagate” checkbox is checked this rule will be applied to every web map inside this resource group and inside all the subgroups.

Here is a description for available permission types.

All resources: All permissions - allows or denies any actions with resources.

Resource: All permissions - allows or denies any actions with resources excluding resource groups.

Resource: Manage children - allows or denies update of child resources settings.

Resource: Change permissions - allows or denies access permissions management for a resource.

Resource: Read - allows or denies reading of resources.

Resource: Create - allows or denies creation of resources.

Resource: Update - allows or denies modification of resources.

Resource: Delete - allows or denies deletion of resources.

Service: All permissions - allows or denies any actions with a service.

Service: Connect - allows or denies connections to a service.

Service: Configure - allows or denies modification of service setiings.

Data structure: All permissions - allows or denies any actions with data structure.

Data structure: Write - allows or denies modification of data structure.

Data structure: Read - allows or denies reading of the data structure.

Connection: All permissions - allows or denies any actions with connections.

Connection: Write - allows or denies modification of connections.

Connection: Read - allows or denies reading of connection parameters.

Connection: Connect - allows or denies usage of connection (defines if layers and data from the connection will be available for a user).

Web Map: All permissions - allows or denies any actions with a Web Map.

Web Map: Display - allows or denies display of a Web Map.

Data: All permissions - allows or denies any actions with data.

Data: Write - allows or denies data modification.

Data: Read - allows or denies reading of data.

Metadata: All permissions - allows or denies any actions with metadata.

Metadata: Write - allows or denies modification of metadata.

Metadata: Read - allows or denies reading of metadata.

When you assign rights to a particular resource take into account the rights of its constituent resources. For example to provide access to a WMS service you should grant the following permissions:

  • Service: Connect - to a connection itself.

  • Resource: Read - to all resources (vector and raster layers) published with WMS service.

  • Data structure: Read - to all resources (vector and raster layers) published with WMS service.

  • Data: Read - to all resources (vector and raster layers) published with WMS service.

If you have a complex system with several maps and different users who should work with these maps you can create user groups. You can assign different permissions to every group.

5.13.8. Example: Assigning permissions

5.13.8.1. Close a group for guests, open it for the user

../../_images/access_rights_group_for_quest_1_eng.png

Pic. 5.191. Settings for resourse group

../../_images/access_rights_group_for_quest_2_eng.png

Pic. 5.192. Settings for root resource group

You can also allow the user reading all higher resource groups as alternative.

5.13.8.2. Grant guest user resource display permission

Note

Guest users will be able to see administrative interface and view all folders excluding especially closed ones.

../../_images/access_rights_group_for_quest_0_eng.png

Pic. 5.193. Settings for root resource group

../../_images/access_rights_group_for_quest_webmaps_eng.png

Pic. 5.194. Settings for resourse group with maps

../../_images/access_rights_group_for_quest_geodata_eng.png

Pic. 5.195. Settings for resource group with geodata

5.13.8.3. Grant guest user Web Map display permission

Note

Guest users will be able to see only a Web Map with layers

../../_images/Case2_Main_resource_group.png

Pic. 5.196. Settings for main resource group

../../_images/Case2_mapfolder.png

Pic. 5.197. Settings for resourse group with maps

../../_images/Case2_datafolder.png

Pic. 5.198. Settings for resource group with geodata

It is important to note that parent resources (if any) also need read permissions for the guest (see. Pic. 5.199.) If there aren’t rights to ‘read’ resource, then the data propagated to it will also be impossible to read.

../../_images/Case2_permissions.png

Pic. 5.199. Set in other resource groups

5.13.8.4. Grant a single user permissions to a single resource group

../../_images/access_rights_group_for_user_1.png

Pic. 5.200. Settings for a resource group

../../_images/access_rights_group_for_user_2.png

Pic. 5.201. Settings for root resource group

5.13.8.5. Grant a permission to input data using a mobile application to a group of users

Create a separate group of users (“Contributors” in this example) and a separate resource group.

../../_images/access_rights_group_for_mobile_import_1.png

Pic. 5.202. Settings for a resource group

../../_images/access_rights_group_for_mobile_import_2.png

Pic. 5.203. Settings for root resource group

5.13.8.6. Disallow view of Web Map to all not authendificated users, grant view to authendificated users

../../_images/access_rights_deny_webmap_guests_allow_logined.png

5.13.8.7. Disallow all access for guest users (without password)

../../_images/access_rights_deny_all.png

5.13.9. Update user password

To update user password you can use administrative interface. To do it select “Control panel” (see Pic. 5.6.) in the main menu (see item 1 in Pic. 5.5.). In control panel (see Pic. 5.7.) select “List” option in “Users” block and click pencil icon near the user you want to update password for (see Pic. 5.204.). In opened window in “Password” field select “Assign new” in the dropdown menu, fill in a new password and click Save button.

../../_images/ngweb_change_password_eng_2.png

Pic. 5.204. User editting window

Also there is an option to change user password using command line:

Warning

Setting a password using a command line is not safe.

env/bin/nextgisweb --config config.ini change_password user password
env/bin/nextgisweb --config config.ini change_password user password

Note

The password is limited in length in the range of 5-25 characters.

5.13.10. Storage

The “Storage” section contains information about the volume of data loaded into Web GIS depending on their type. The space usage estimate is located below the main table. The administrator can forcibly recalculate the amount of storage (for example - immediately after loading big data, if the system has not yet recalculated the occupied space on its own).

../../_images/admin_storage_panel_settings_eng.png

Pic. 5.205. Storage section

5.13.11. Backups

In this section you can see a list of available NextGIS Web backups, as well as download any of them. The process of creating backups and restoring for developers is described in this section.

5.13.12. System information

Through the control panel, the administrator can view information about the system and the current version of the platform (see Pic. 5.206.). Using the icon in the upper right corner, you can copy all this data to the clipboard.

../../_images/admin_system_info_eng_2.png

Pic. 5.206. System information section in the control panel

../../_images/admin_system_info1_rus_eng.png

Pic. 5.207. System and platform information

5.13.13. Resource export

This function shows in the Web GIS interface the ability to export (save) data only for those categories of users that are selected from the list below.

../../_images/admin_system_res_export_en.png

Pic. 5.208. Selecting a category of users entitled to export data

../../_images/admin_system_export_en.png

Pic. 5.209. Data export

The Data Export function can be seen either only by administrators or by users with the right to:

  • Reading data

  • Writing data

All other users will not be able to save data from the Web GIS interface.

Note

This setting does not in any way affect the ability to receive data through the REST API in accordance with the set permissions to them.

5.13.14. Web Map Settings

Using the control panel administrator can set a number of general settings for all Web Maps in NextGIS Web:

  • Visibility of the navigation menu for guests;

  • Identification popup parameters;

  • Measurement units;

  • Address search parameters;

  • Legend visibility.

../../_images/admin_webmap_panel_settings_eng_3.png

Pic. 5.210. Web Map Settings Page

5.13.14.2. Identify popup

The section regulates two parameters:

  • Size of the pop-up window when identifying objects on the Web Map;

  • The radius of the area around the object within which the identification works.

Dimensions are in pixels.

../../_images/admin_webmap_panel_indentify_eng.png

Pic. 5.212. Object identification on the Web Map

At the same time you can turn on/off the display of feature attributes.

5.13.14.3. Measurement

The section sets the parameters responsible for various measurements on the Web Map:

  • Units of length measurement (according to the selected SRS)

  • Units of measurement of areas (in accordance with the selected SRS)

  • Degree format

  • Coordinate system for calculating measurements

5.13.15. Customize the design with CSS

You can modify the look of NextGIS Web using CSS. From the main menu (see Pic. 5.5.) open the Control Panel (see Pic. 5.6.). In the Control Panel (see Pic. 5.7.) select Custom CSS in the Settings section. Here you can enter your own CSS rules. They will be used throughout your Web GIS on all its pages.

5.13.16. Custom CSS examples

5.13.16.1. Change main Web GIS color

Affects header, symbols in the header, buttons, field contours, links highlighted on hover etc.

:root {
--primary: red
}

5.13.16.2. Change main font color

Affects menu, name and parameters of displayed resource group etc.

:root {
--text-base: #ff6600
}

5.13.16.3. Change additional font color

Affects paths for the displayed resource, parameters etc.

:root {
--text-secondary: rgb(40 200 40 / .8)
}

5.13.17. Customize NextGIS UI Elements (White label)

White label is a special module that allows you to remove or replace NextGIS logos and names with your company logos and names. The module is purchased and installed separately. The module adds a new section to the Control Panel (см. Pic. 5.215.), which allows you to disable or override various interface elements mentioning NextGIS.

../../_images/Control_panel_whitelabel.png

Pic. 5.215. ‘White label’ module in control panel

5.13.17.1. Company logo on Web Map

In Control Panel, you can upload your logo in PNG format (see in:numref:logo_whitelabel_en) to display in the lower right corner of the map.

../../_images/logo_whitelabel_en.png

Pic. 5.216. Upload company logo file

If the file is not loaded, there is no logo (see in:numref:web-map_logo).

5.13.17.2. Company URL

You can assigned a new hyperlink for a company website to a just added logo (см. Pic. 5.218.)

../../_images/url-logo_en.png

Pic. 5.218. Company URL

5.13.17.3. Help page

By default, help leads to http://nextgis.com/help/. You can set a different hyperlink (see in :numref: help_whitelabel_en) to ‘Help’ (see in Pic. 5.220.).

../../_images/help_whitelabel_en.png

Pic. 5.219. Reroute a link to ‘help’

5.13.17.4. Support URL

Also you can set URL for the technical support page (see in Pic. 5.221.).

This link will appear on error messages:

../../_images/tech_support.png

Pic. 5.221. Support URL in the interface

5.13.17.5. Other items

  • The default Web GIS name is specified without mentioning NextGIS.

  • In WMS and WFS services resources, NextGIS QGIS is replaced with **QGIS**(см. Pic. 5.222.).

../../_images/WMS_WFS_whitelabel.png

Pic. 5.222. Replacing NextGIS QGIS (left) with QGIS (right) in WMS and WFS services

  • The social networks preview mentioning NextGIS is removed (см. Pic. 5.223.).