M.App Enterprise Discussions

Discuss topics with other M.App Enterprise Product pioneers and experts to get the most out of it.
Showing results for 
Search instead for 
Do you mean 
Regular Contributor
Posts: 246
Registered: ‎10-26-2015
Accepted Solution

Security Model Design

Can someone confirm my understanding of the security model in M.App Enterprise is as follows:


A role does not contain any restrictions on data for a Desktop M.App, only which users are members of the role and which Apps the role has access to.


If I need to secure access to data in a Desktop M.App for different users I must create seperate legends and seperate Apps?


This is going to create an admin overhead to maintain multiple legends and apps for a large organisation with various groups of users and isn't very "enterprise" in design.




Technical Evangelist
Posts: 178
Registered: ‎03-03-2016

Re: Security Model Design

If fact it's the easiest and most maintainable way to deal with legends on different roles. (Even in an enterprise approach)


Here's an example:

A field worker has for sure other layers visible than a supervisor back in the office. And for sure they will have different Apps that they need for daily work. So it's natural that you end up with 2 legends & 2 apps. 


In Smart Client you had the same thing but twice as complex. You had one big legend and then a complex claim management to reduce the actual layers based on the role. The biggest disadvantage was that you never saw the actual legend until you logged in the application with the correct role.


So I don't see any admin overhead at all...

Regular Contributor
Posts: 246
Registered: ‎10-26-2015

Re: Security Model Design

Thanks Thomas for your reply. Does Smart Client support role inheritance (I believe via the "Groups" functionality) enabling an Administrator to create a "base" role that all users are members of (providing access to common datasets and functionality) and then users are assigned additional roles to provide additional access to data and functionality. This then provides a easy method for updating the data and functionality in the "base" role and all users inherit the changes.


If I understand the design of M.App Enterprise security there is no role inheritance? 




Frequent Contributor
Posts: 150
Registered: ‎04-29-2016

Re: Security Model Design



I think that, In this way, if the manager wants to share a bookmarks, redlines with the field worker, he can not do that as they are using different applications. Is there is any suggesions regarding this issue??




Maha Kamal
Posts: 1,131
Registered: ‎10-18-2015

Re: Security Model Design

Hi guys,


M.App Enterprise has been designed to make the administration as easiest as possible. As Thomas said in GMSC we had many options to setup the application and to create a different experience for different users and roles. But this was difficult to setup and sometimes even to understand (at least for non advanced users). 

Anyway the main reason to use such a soultion was mainly because we can setup only one application; and to make it different we have the need to have inheritance, feature access level rights and so on.


In M.App Enterprise we are free to setup several different applications, rich clients, browser based clients and in the feature mobile apps. So I would think to the setup in a very different way we are used to with GMSC, we have to change approach.


About redlining sharing: it is not really an issue, you can configure different legends with common layers.




Stefano Turcato
Presale Engineer
Hexagon Geospatial