<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:Z="urn:schemas-microsoft-com:" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"MS Mincho";
        panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"\@MS Mincho";
        panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
        {font-family:"MS Sans Serif";
        panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:7.5pt;
font-family:"MS Sans Serif","sans-serif"'>Currently if an Author wants to deny
a user from seeing a layer in a map they have to remove permissions on the
Feature Source that the layer is built on. The result is that the layer appears
in the legend, but fails to load and generates an error in the server error
log. If the Author removes permissions from the layer an error occurs and the
Map fails to load. This may be as designed, but it is not logical.<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:7.5pt;
font-family:"MS Sans Serif","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:7.5pt;
font-family:"MS Sans Serif","sans-serif"'>Ideally Authors might want to remove
permissions on the layer so that at runtime it is not processed and is in
effect invisible to the user. No security errors should be logged because the
failure to process is intentional. If they were to be logged we would likely
need to enhance our Error logging mechanism to create classes of errors such as
Error, Warning or Information. That way Permission type errors could be
Warnings. Administrators would then need the option to filter out the Types of
errors that get logged because it's possible that with a large number of users
the many Permissions Warnings could be logged effectively spamming the
logfiles.<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:7.5pt;
font-family:"MS Sans Serif","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:7.5pt;
font-family:"MS Sans Serif","sans-serif"'>This is almost in contradiction to
our need to provide feedback to the end user when a layer fails to load for
some reason. I can see cases where actual errors such as feature source not
found are communicated to the user via the legend in the map for example. The
user could click on the legend entry and get error details perhaps. In MapGuide
6.5 we would render an X over the icon in the legend to indicate it failed. Of
course if the user uses a new Flexible/Fusion Layout where the legend is not
visible we might need another mechanism to indicate a failure.<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:7.5pt;
font-family:"MS Sans Serif","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:7.5pt;font-family:"MS Sans Serif","sans-serif"'>The
concept of applying our permissions model to resources should be extended to
Groups in a Map. Authors should be able to set permissions on a Group in a Map
and deny access to users or User Groups to control whether the group is even
visible to the end user in the Map. I think to properly implement the
Permissions enhancements we should combine those changes with the Error logging
enhancements.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:7.5pt;font-family:"MS Sans Serif","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:7.5pt;font-family:"MS Sans Serif","sans-serif"'>Has
anyone desired such functionality or alternately built maps on the fly to add
layers based on what their uses have rights to? I’m curious if the
suggested improvements would be worthwhile and alleviate current grief.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:7.5pt;font-family:"MS Sans Serif","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:7.5pt;font-family:"MS Sans Serif","sans-serif"'>Regards,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:7.5pt;font-family:"MS Sans Serif","sans-serif"'>Dave</span><o:p></o:p></p>
</div>
</body>
</html>