con terra’s security.manager allows you to assign individual access permissions to different user groups, ensuring that everyone gets access only to what they are entitled to while saving time and resources.
The Security Concept
security.manager adds fine-grained access control to ArcGIS Enterprise services, right down to layer, spatial, object and field level. While a service is published only once, security.manager will filter the content provided to different users in accordance to the rights granted to each user’s group.
In doing this, security.manager provides a consistent user experience together with a holistic security approach. Permissions need to be explicitly expressed in the system, and users will not get any information about the existence of content they are not entitled to. Everything that is not explicitly allowed is automatically denied, thereby ensuring that access cannot be granted by accident. Take control of your services.
Making Sharing Data Easier
The usual way to deliver specific content to different user groups is to publish a separate service for each group, along with any accompanying apps needed to use that service. This may mean chopping up data for specific areas, creating maps with only the layers needed by that group or manually filtering each layer to limit what objects different users may see. Generally spending a lot of time managing data, services, and apps.
security.manager makes sharing data easier by giving you the tools to dynamically filter content from a single service. By defining a filter for each group of users that need different levels of access, you are automatically saving hours of work you would otherwise spend on creating custom services and apps. Be more efficient and free your time for more important GIS work.
Making Sharing Data Smarter
The beauty of a smart security system lies in its transparency. A user working with a service protected by security.manager will not even realize that security measures are in place. Adding security.manager to a service will not change the user experience, nor will it have a noticeable impact on performance. By integrating seamlessly, users will work as they do with every other service, just limited to the content they need, while the ArcGIS admins can be sure their data is even more secure.
Making Sharing Data More Secure
security.manager allows for the easy definition of fine-grained access rights, making your data more secure. It takes just a few clicks to assign permissions for resources, and a few more clicks to create additional filters on feature, field or spatial level. Once a right is created, it is already active, and access is granted accordingly.
Extend ArcGIS Enterprise with fine-grained access control.
Use a single service to deliver personalized content to each user group.
Save costs and efforts through more efficient use of time.
Increase security through well-defined access rights management.
Over 15 years in the market, mature and widely accepted.
Without security.manager, we would still keep our geodata in the closet and inaccessible. security.manager opens up complete new possibilities to offer GIS-based web services controlling access precisely for users with different permissions.
Eugen Gass - Wintershall Holding GmbH, Germany
security.manager NEXT is the newest product of the security.manager family and combines the advantages of its two predecessor editions. It integrates perfectly into ArcGIS infrastructures, but in the future will also be usable for alternative GIS systems based on OGC standards.
Based on many years of experience in the context of geo-security and as a result of a consistent user-centered design, security.manager NEXT is optimally tailored to the needs of GIS administrators:
security.manager NEXT allows access to GIS services to be authorized directly in the service itself. It thus acts completely transparently for applications accessing the GIS server, regardless of whether this access is made via an app, a desktop GIS or directly on the service interface.
To relieve GIS administrators of tedious routine work, security.manager NEXT is highly automatable. For this purpose, it has an interface that controls the management of permissions for all services and the activation or deactivation of access protection, regardless of the current environment (production, stage, dev, UAT, ...). This significantly simplifies operations in more complex infrastructures. In addition, the rights model is designed to avoid redundancy, so that restrictions can be defined centrally and referenced conveniently for individual services.
It is particularly important for GIS administrators to be able to quickly and effortlessly record the current status of their GIS system. For this purpose, security.manager NEXT provides an easy-to-use user interface to analyze both the permissions of individual user groups and the permissions for specific resources at a glance. This ensures that the administrator can react quickly.
The name already indicates the tight integration of security.manager ArcGIS Edition with the ArcGIS platform. By using the extension concept of the ArcGIS Server, security.manager ArcGIS Edition hooks directly into the ArcGIS Server and thus uses the interface recommended by Esri for these purposes.
security.manager ArcGIS Edition is characterised by the following features:
by using the extension mechanisms provided by Esri, security.manager ArcGIS Edition integrates seamlessly with both the REST services and the administration of ArcGIS Server.
The operation of security.manager ArcGIS Edition is based on the administration layout of ArcGIS Server and can therefore be used immediately and intuitively by ArcGIS administrators.
Since security.manager NEXT uses the same technology for the integration with ArcGIS Server as ArcGIS Edition, it will replace it in the medium term.
As a combination of user management and comprehensive access control for GIS, security.manager Enterprise Edition is the proven complete solution for geo-security. By acting as a component before the actual GIS systems, it can first authenticate all accesses to the GIS against either its own user database or connected user administrations and then authorize them according to the stored rights.
Due to its ability to secure both OGC services and ArcGIS services, it can be used flexibly even in heterogeneous GIS landscapes and impresses with its functional power:
Range of functions:
Due to the possibility to connect to Active Directories as well as SAML-2 identity federations, security.manager Enterprise Edition can be integrated very flexibly in different GIS infrastructures. It protects ArcGIS REST services as well as WMS and WFS services, independent of the GIS system used.
Since security.manager Enterprise Edition is an independent component of the GIS, it can also be scaled independently, depending on how the load is distributed between GIS and security.manager. In addition, it offers the possibility to connect and authorize further services as well as to realize a single sign-on for third party components.
In the long term, the functionalities of the security.manager Enterprise Edition will be provided completely via security.manager NEXT.
security.manager has made it possible to create one web map and one web app for each department and control how each operates. Without security.manager, we could only achieve fine level control by creating a large number of apps, map services or web maps.
Keith Gerharz - City of Winter Park, Florida