When using Spectrum Spatial Connect (SSC) or Buzzy, you can access Spectrum Spatial to add layers to a map. This access uses various APIs including an internal REST API called the Named Resource REST API, which is the same API used by Spectrum Spatial Manager. This service is intended for management of the Spatial repository and therefore has access restrictions which have been enhanced in Spectrum version 2019.1 onwards
From version 2019.1 of Spectrum this API is only available to users who are members of one of these predefined roles; admin , spatial-admin and spatial-sub-admin . Other users who use this API will receive an unauthorised error. In order to access and describe layers, the user account entered for a Spectrum Spatial service in SSC needs to be a member of one of these 3 admin roles.
Admin and spatial-admin roles can see and describe all the available layers in Spectrum Spatial.
Spatial-sub-admins however are further restricted. They can only see and describe layers in repository folders where they have folder permissions. By using folder permissions admins can grant management access to sub-admins for certain parts of the repository while keeping the remainder secure. If using an account that is a spatial-sub-admin, an admin or spatial-admin must first grant folder READ or folder WRITE permissions to the repository folders that contain the layers and tables this user can access.
For further background information on security in Spectrum Spatial please review the documentation here:
The available pre-defined roles and their purpose
The different types of permissions including folder ACL
Services and activities that users with different roles and permissions can access
How to grant folder permissions to users in Spatial Manager