# Managing Permissions Permissions in JMap are divided into two families: permissions for the users of applications (Pro, Web, NG and Survey) and permissions for the administrators (JMap Admin). ## User permissions User permissions determine what the users can do inside JMap Pro, JMap Web, and JMap Survey applications. The following table presents the different permission groups that are available for the users.


Permissions on projects	See section Project Permissions for more information.
Permissions on layers	See section Layer Permissions for more information.
Permissions on personal layers	Create personal layers This permission gives a user the right to create personal layers in JMap Pro applications. By default, JMap users are not allowed to create personal layers. You can configure this permission in subsection Permissions of the JMap Server section.
Permissions on forms	See section Database Forms for more information.

## Administrator permissions Administrator permissions determine what JMap administrators are authorized to do in JMap Admin. Some permissions are global (permissions to do some tasks) while other permissions apply to specific resources. Several of the global permissions are configured in the **Permissions** subsection of the JMap Server section. The following table describes the **global administration permissions**:


Access JMap Admin	This permission is required for an administrator to access JMap Admin. After the installation of JMap, only the administrator user has this permission. Note that the password is initially left empty for this user. It is strongly recommended to enter a password for the administrator user. See section Users and Groups for more information on modifying passwords. Also make sure to leave at least one user with this permission and with a known password. Otherwise, it will be impossible to access JMap Admin.
Create database	This permission is required for an administrator to create new databases in JMap Admin.
Create remote connection	This permission is required for an administrator to create new connections to remote JMap Server instances in JMap Admin.
Create deployment	This permission is required for an administrator to create new application deployments in JMap Admin.
Create metadata templates	This permission is required for an administrator to create new metadata templates in JMap Admin.
Create style templates	This permission is required for an administrator to create new style templates in JMap Admin.
Create project	This permission is required for an administrator to create new projects in JMap Admin.
Create data source	This permission is required for an administrator to create new spatial data sources in JMap Admin.

Administration **permissions that are specific to resources** determine what an administrator can do with each resource. The following table describes those permissions:


Access …	The administrator can view the detailed information of a resource and use the resource, but cannot modify it. Example To use a spatial data source in order to create a layer, the administrator must at least have the Access permission on the data source.
Administrate …	Allows the administrator to modify the resource and manage the user permissions for the resource. Does not allow the administrator to delete the resource or manage its administration permissions. Example To add a layer in a project, the administrator must have the Administrate permission for the project.
Use SQL console	(Applies only to databases) Allows the administrator to use the SQL console on the database. The SQL console is used to show the database structure and to execute SQL queries on the database.
Remote access	Allows the administrator to access the resource from another instance of JMap Server. This permission is generally granted to a generic account used to open communication sessions between different instances of JMap Server. For more information, see sections Sharing Layers and Sharing Spatial Data Sources.

## Owners of a resource Most resources managed in JMap Admin have one or more owners. Owners of a resource are the only ones that are allowed to: * manage administration permissions for the resource; * manage the list of owners for the resource; * delete the resource. ## Super administrators Super administrators are special accounts that can do everything in JMap Admin. They are the only ones who are allowed to: * manage the list of super administrators; * manage global administration permissions; * manage users and groups; * modify JMap Server’s working parameters; * display the log files; * import and export configurations. You can manage the list of super administrators from subsection **Permissions** in section JMap Server. Select the **Super administrators** tab. The following table presents administration tasks with examples, and indicates which profile or permission is required to perform each task. | **Tasks** | **Super Administrator** | **Administrator** | | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | --------------------------------------------- | | **Access JMap Admin** | YES | If permission **Access JMap Admin** | | **Manage the list of Super administrators** | YES | NO | |

Manage global administration permissions
• Give an administrator permission to create projects
• Remove an administrator’s permission to create spatial data sources
• Give an administrator permission to create metadata templates for layers.

| YES | NO | |

Perform management tasks for JMap Server
• Modify JMap Server’s working parameters (ports, memory, etc.)
• Manage users and groups
•Import and export JMap Server configurations
• View log files or modify their settings

| YES |

NO
Can change user account password

| |

Create a resource
• Create a project
• Create a database
• Create an application deployment

| YES | If permission **Create …** | |

Use a resource
• Use a database to create a spatial data source
• Use a data source to create a layer
• Use a connection to JMap Server to create a layer by reference

| YES | If permission **Access …** | |

View detailed information about a resource
• Click on a database and view all of its parameters
• Click on a project to view all of its parameters

| YES | If permission **Access …** | |

Modify a resource
• Change the name of a project
• Add a layer in a project
• Modify the connection parameters for a database
• Modify the projection of a spatial data source

| YES | If permission **Administrate …** | |

Delete a resource
• Delete a project
• Delete an application deployment
• Delete a style template

| YES | If owner of the resource | |

Manage user permissions of a resource
• Give a user permission to open a project
• Give a user permission to edit the elements of a project layer
• Remove a user’s permission to copy the data of a project layer

| YES | If permission **Administrate** | |

Manage the administrator permissions of a resource
• Give an administrator permission to use a spatial data source
• Give an administrator permission to modify a project
• Remove an administrator’s permission to modify a database

| YES | If owner of the resource | | **Manage the list of owners of a resource** | YES | If owner of the resource | ## Permission reports Permission reports allow you to view all the permissions that a user or a group has on a single report. A permission report is a convenient way to get the information without checking every resource. The reports are accessible from the **Users** and **Groups** tabs in the **Users / Groups** section, by clicking on ![](https://2224254070-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FDUF1p2rT0hfE3QBlbbvE%2Fuploads%2FjsqTylFYkS1Li0X8qcqC%2Fpermissions.png?alt=media\&token=f4492081-aa86-443e-8dec-48506806f24f).