User Types
This is where most documents become trash because they say “admin/user.” That is lazy. LuciadFusion security is role-based and tied to Spring Security roles. Users and roles are not managed by LuciadFusion itself; LuciadFusion consumes authenticated users and their roles from the configured authentication system.
Practical user types
A. Platform Administrator
Purpose:
- full system administration
- Studio access
- access rule setup
- service exposure control
- database/configuration ownership
Relevant property:
fusion.accessControl.adminRole defines which enterprise role is treated as admin.
B. Data Manager / GIS Publisher
Purpose:
- upload/crawl/manage datasets
- create products
- configure styling
- publish services
Note:
- only administrators can add new data when access control is active, because there is no general CREATE permission for non-admin roles.
C. Service Consumer / Application User
Purpose:
- consume WMS/WFS/WMTS services through LuciadRIA or other clients
- read-only or restricted access
D. External / Anonymous Consumer
Purpose:
- access selected public services only if anonymous access is allowed by endpoint/service configuration.
Data permissions
LuciadFusion documents these permissions for data resources:
- READ
- UPDATE
- DELETE
- MANAGE
There is no CREATE permission for regular roles. Only admin users can add new data. Access can also be restricted by scale range and geographic area for READ access.
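A lint for a proposed grant list against the rules above, as an added example that is not LuciadFusion code or configuration. The role names, resource names and the (role, resource, permission) tuple layout are assumptions made for illustration.

```python
# Added example: checks a planned access matrix against the rules on this page.
# Role names, resource names and the tuple layout are hypothetical.

DATA_PERMISSIONS = {"READ", "UPDATE", "DELETE", "MANAGE"}  # the four listed above


def lint_grants(grants, admin_role, read_only_roles, anonymous_role, public_resources):
    """Return (role, resource, reason) findings for grants that break the model."""
    findings = []
    for role, resource, perm in grants:
        if perm == "CREATE":
            # There is no CREATE permission: only the admin role can add data.
            findings.append((role, resource,
                             "CREATE is not grantable; adding data requires " + admin_role))
        elif perm not in DATA_PERMISSIONS:
            findings.append((role, resource, "unknown permission " + perm))
        elif role in read_only_roles and perm != "READ":
            # Service consumers and anonymous users get READ only.
            findings.append((role, resource, perm + " exceeds READ for a consumer role"))
        if role == anonymous_role and resource not in public_resources:
            # Anonymous access is limited to resources explicitly marked public.
            findings.append((role, resource, "anonymous grant on a non-public resource"))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE_GRANTS = [
    ("ROLE_GIS_PUBLISHER", "roads", "UPDATE"),
    ("ROLE_GIS_PUBLISHER", "roads", "CREATE"),
    ("ROLE_APP_USER", "roads", "READ"),
    ("ROLE_APP_USER", "roads", "DELETE"),
    ("ROLE_ANONYMOUS", "basemap", "READ"),
    ("ROLE_ANONYMOUS", "roads", "READ"),
]


def run_sample():
    return lint_grants(
        SAMPLE_GRANTS,
        admin_role="ROLE_GIS_ADMIN",
        read_only_roles={"ROLE_APP_USER", "ROLE_ANONYMOUS"},
        anonymous_role="ROLE_ANONYMOUS",
        public_resources={"basemap"},
    )


if __name__ == "__main__":
    for role, resource, reason in run_sample():
        print(f"{role} on {resource}: {reason}")
```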
CCR wording
The target operating model distinguishes platform administrators, data managers, and service consumers. Role-based access control is enforced through Spring Security role resolution and LuciadFusion access rules. Administrative access is mapped using the configured administrator role, while business users and consuming applications receive only the minimum required permissions such as READ access to published resources.