Controlling map access using the Maps Data API
Matthew Holden
programmatic map access controls and the ability to share maps
publicly without login.
To control access to a map, you can use the new mapacls feed to
control who can read and write to your map (only owners can modify
these settings). You can make a map private to only you, public to
the world, or accessible by specific collaborators. Our documentation
will be updated soon, but we wanted to give you a sneak peek here in
the forum.
We're using standard GData ACLs syntax, as described here for Google
Calendar:
http://code.google.com/apis/calendar/data/2.0/reference.html#gacl_reference
Access scopes can be:
* default -- everyone
* user:email@domain -- a specific collaborator
Access roles can be:
* none
* owner
* reader
* writer
* appender -- able to append features, but not read map metadata
* readappender -- read from the map, and append new features
Additionally, if you're building a mapping app like a store finder,
you may want to enable public (read-only) access to a map without
requiring users to be signed in to a Google Account. For this
purpose, maps now have an "api_visible" property. If this is "true"
and your map is readable by everyone, then API users can read your map
without first signing in (but only if they know your map's ID). You
can still control exactly who has access to your maps using the access
controls.
New maps created using the Maps Data API are public and api_visible by
default. Older maps, and My Maps created on maps.google.com are not
api_visible unless you set this property explicitly. However, even
public maps can only be accessed by others if they have your map's ID.
Stay tuned for updated documentation and code examples. Thanks!
Matt Holden
Product Manager, Maps Data API Team
pr
switch? afaia this is unique to this api: with spreadsheets, for
example, (at least afaia) there's no distinction between cells entered
online or via the api - the data's either public or it isn't. Why
would geo features be handled differently?
The app I have selects features from many different mymaps entered by
many different users and combines them in new ways - standard mashups
in fact. At the moment I have to take each kml dump and select the
features I want, which is very time-consuming and inefficient.
You now seem to be saying that I can now access these features via the
api, but first have to contact all of these users, most of whom know
nothing about programming and haven't a clue what an api is, and get
them to set this switch so I can access their maps in my app. I can
set up a little program for them to do this, but it's not clear to me
why this should be necessary. If the mymaps are public, why can I not
access them like any other public data? Why the extra hoop to jump
through?
pr
small example of how I set it would be useful.
pr
> also, where is the api_visible field? is it in the gd namespace? A
> small example of how I set it would be useful.
to answer my own question, it's a customProperty
<gd:customProperty name='api_visible'>1</gd:customProperty>
Barry Hunter
1) Via the ACLs does it mean the owner can add other owners (jointly
owned maps) and/or use it to transfer ownership of a map? (by adding
another owner and setting themselves to none/reader)
2) despite any ACLs assigned via the API, is the map always readable
via Google Maps website, even private/unlisted maps, provided you know
the ID.
bart (Google Employee)
> Two questions arising from this:
>
> 1) Via the ACLs does it mean the owner can add other owners (jointly
> owned maps) and/or use it to transfer ownership of a map? (by adding
> another owner and setting themselves to none/reader)
yes, you can add other owners.
you can even remove your own ACL, but that doesn't actually remove
your ownership.
> 2) despite any ACLs assigned via the API, is the map always readable
> via Google Maps website, even private/unlisted maps, provided you know
> the ID.
MyMaps ACLs default to two entries: you the owner, and readable by the
"default" scope. if you remove the "default" ACL entry, the map will
no longer be readable by anyone who knows the map id.