Creating Policies with Spatial Authorization

Spatial authorization restricts access to resources to certain spatial areas. Spatial authorization is available for WMS, WFS, INSPIRE View Service, INSPIRE Feature Download Service and selected ArcGIS Server services. In the case of WMS/ArcGIS Server MapServers, spatial authorization means, for example with GetMap/Map queries, that the non-permitted area of the resultant image is displayed as white space. GetFeatureInfo/GetFeature queries only supply information about features in the allowed area.

To restrict access to a certain spatial area, an obligation of the type "spatial restriction" has to be applied to the policy for which the constraint is to be made.

Any WFS can be used as a source for geometries that define the spatially allowed area (see system requirements for recommended WFS versions). In the specific policy, references to WFS geometries are saved as authorized areas. During the authorization of a request, these references are used to query the WFS for the respective geometries and to amend the resultant image in accordance with the WFS geometries.

Step by Step

1. Creating the spatial obligation

Open the policy for which the spatial restriction is to be created, and click New in the Obligations section.

In the window that follows, select Spatial Obligation and click Create New Obligation.

In the Spatial Obligation dialog specify a name for the obligation. The name must not contain any spaces. Include information about the spatial area of the obligation in the title to help identify it.

2. Select geometries for the spatial obligation

Now you can determine the WFS that provides the geometries used for spatial authorization and set its version. To test the connection with the WFS and to update the list of available feature types, click Connect.

Next, specify the type of data to be used for the selected geometry for this obligation. If you want to use different data types for spatial obligations in a single policy, you need to create a separate spatial obligation for each data type. Note that the associated processing in the spatial authorization process is relatively expensive.

Note: To simplify the selection of the geometries to be used for spatial authorization, you can search through all of the fields of the selected data type and then select, from the geometries found, those that you want to use for authorization purposes. Under Search In, select the attribute for which the search is to be conducted. Under Display Field, you can decide which attribute is displayed. In the example shown, "Land" is used as a search criterion for the geometries of "Kreise" (rural districts), meaning that all rural districts in North-Rhine Westphalia are searched (using a search for "Nordrhein"). The search can be repeated as often as required.


It is also possible to use the wildcard * to substitute any combination of characters (for example A*a for Arizona). The search function distinguishes between upper and lower case letters. When geometries have been found, select those that you want to use for spatial authorization and click Use selection for spatial authorization. The attribute selected for display and the ID of the selected geometry are shown further down. It is possible to search for and add geometries as often as required.

3. Configure spatial authorization

In the Definition of the spatial obligation section, certain parameters that affect the spatial authorization can be configured.


By setting the spatial operation (intersect/inside) you decide how objects at the edges of the selected geometries are treated. Intersect means that all geometries that intersect with the selected geometry are regarded as belonging to the allowed area. If Inside is selected, the geometry must be completely enclosed within the selected geometries. When raster or image data is being processed, this decision has no relevance, because in this case the processing of the selected geometries is based on the image pixels.

The Spatial reference system field shows the spatial reference system of the selected geometries. When the Transformations allowed checkbox is checked, the selected geometries are transformed to the spatial reference system of the specific request. If transformations are allowed, imprecisions in the authorization process might occur under certain circumstances at the margins of the selected geometries. If a transformation is not permitted, only queries to the protected service in the spatial reference system stated here are possible. Queries in other spatial reference systems are rejected.

It is also possible to define a positive or negative tolerance range around the authorized geometry by specifying a buffer (in units that correspond with the spatial reference system of the authorized geometries).

In a few special cases, some WFS implementations return interchanged pairs of coordinates, contrary to the specification selected via the "WFS Version" option. You can correct this rare misbehavior by using the option "Axis order". Set it to "invert", and an interchanged axis order (relative to the specification) is assumed for this WFS.
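The effect of the spatial operation, buffer and axis order settings described above, as an added sketch that is not the product's implementation. Geometries are simplified to axis-aligned boxes, and the function names, the "default" axis-order value and all coordinates are constructed for illustration.

```python
# Added illustration, not the product's implementation: allowed areas and
# features are simplified to axis-aligned boxes (minx, miny, maxx, maxy).

def normalize(box, axis_order="default"):
    """Swap coordinate pairs when the WFS delivers them interchanged."""
    minx, miny, maxx, maxy = box
    return (miny, minx, maxy, maxx) if axis_order == "invert" else box

def buffered(box, buffer):
    """Grow (positive) or shrink (negative) the allowed box, in SRS units."""
    minx, miny, maxx, maxy = box
    return (minx - buffer, miny - buffer, maxx + buffer, maxy + buffer)

def permitted(feature, allowed, operation="intersect", buffer=0.0,
              axis_order="default"):
    """Decide whether a feature belongs to the allowed area."""
    a = buffered(normalize(allowed, axis_order), buffer)
    if a[0] > a[2] or a[1] > a[3]:      # negative buffer consumed the area
        return False
    fx0, fy0, fx1, fy1 = feature
    if operation == "inside":           # fully enclosed by the allowed area
        return a[0] <= fx0 and a[1] <= fy0 and fx1 <= a[2] and fy1 <= a[3]
    if operation == "intersect":        # any overlap counts
        return fx0 <= a[2] and fx1 >= a[0] and fy0 <= a[3] and fy1 >= a[1]
    raise ValueError("operation must be 'intersect' or 'inside'")

# Constructed sample data in a metric SRS (values are illustrative only).
ALLOWED = (1000.0, 5000.0, 2000.0, 6000.0)
INTERIOR = (1200.0, 5200.0, 1300.0, 5300.0)   # well inside
EDGE = (1950.0, 5500.0, 2050.0, 5600.0)       # straddles the east border
# Same allowed area as delivered by a WFS with interchanged coordinate pairs.
ALLOWED_SWAPPED = (5000.0, 1000.0, 6000.0, 2000.0)

def demo():
    return {
        "edge_intersect": permitted(EDGE, ALLOWED, "intersect"),
        "edge_inside": permitted(EDGE, ALLOWED, "inside"),
        "edge_inside_buffer_50": permitted(EDGE, ALLOWED, "inside", buffer=50),
        "edge_intersect_buffer_-60": permitted(EDGE, ALLOWED, "intersect", buffer=-60),
        "interior_swapped_default": permitted(INTERIOR, ALLOWED_SWAPPED, "inside"),
        "interior_swapped_invert": permitted(INTERIOR, ALLOWED_SWAPPED, "inside",
                                             axis_order="invert"),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```

The last two results show why an uncorrected axis order matters for authorization: with interchanged coordinates, a feature that lies well inside the intended area is evaluated against the wrong region.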

Important Information for Creating Spatial Rights

  • Define only one spatial obligation for each policy, so that the processing time of the authorization process is not adversely affected.

  • If several policies that define spatial obligations are involved in examining a particular request, the spatial areas of each of the obligations are unified. Example: Policy A is restricted to Hamburg and Lower Saxony for Layer 1. Policy B is restricted to Lower Saxony and Hesse for Layer 2. ⇒ If Layers 1 and 2 are queried together, only the area of Lower Saxony is visible.

  • Complex filter geometries slow down the authorization process and the service request process. It might prove more effective to generalize filter geometries, although this might also result in imprecision in the marginal areas.