Access Policy of TAPIS

Last updated: 15-03-2021

This Access Policy ("Policy", "Access Policy") sets a baseline standard and requires procedures for all user access (e.g. managing, reviewing and validating) to the information in website (the "Service") operated by CREAF (and GRUMETS research group) ("us", "we", or "our").

The TAPIS: Tables from OGC APIs for Sensors (or a Sensor Things API plus Explorer) is developed by the Grumets research group under the GNU Affero General Public License. The TAPIS was developed under the AD4GD and CitiObs that has received funding from the European Union's under the Horizon Europe research and innovation programme.

It is the policy of CREAF that access to the Service will be allowed only for persons who meet the conditions identified and documented in this Policy and the Terms of Use. Any person who does not meet one of these conditions shall be prohibited from access. Despite the fact that the service can be connected to other services or managed by other organizations, access is not granted to organizations or services, but to individuals using the Service. The same individual can contribute feedback to resources that are managed in several services that are owned by more than one organization. Each user editing any resource or accessing non-public domain resources shall be granted access using a unique ID and an account. Sharing of accounts without explicit permission of the administrator constitutes a Security Violation. User rights are to be granted using the principle of "Least privilege and need to know". Granting rights to an unnecessary number of resources constitutes a Security Violation.

To allow for efficiency, roles may be combined, and access rights shall be granted on the basis of potential "Need to know". We have determined an appropriate set of functional roles that adequately define what users require access to. At a minimum, the functional roles accommodate the following use types:

Access is granted to administrators based on:

Please read this Access Policy carefully before using the Service.

Your access to and use of the Service is conditioned on your acceptance of and compliance with this Policy. This Policy applies to all visitors, users and others who access or use the Service.

By accessing or using the Service you agree to be bound by this Policy. If you disagree with any part of the policy, then you shall not access the Service.

Account Types

Provisioning of accounts and their privileges across the Service must conform to the following requirements:

The users of the Service accept that accounts are managed by the service. An account may be created directly in the Service and associated to a password. Passwords are stored encrypted and will not be available to anybody, including the administrator. When a new user connects through an external authentication provider for the first time, a Service account will be automatically created. When an external authentication provider is used, no password is validated or stored by the Service (and the authentication is controlled by temporary tokens).

Access Log Inspection

The use of accounts and data will be logged and monitored by CREAF. Users agree that the logs are inspected. Logs are not to be accessible in the web.


An account may be suspended or deleted by an administrator without prior notice or liability, for any reason whatsoever, including without limitation a breach of this Policy, the Terms of Use or Security Violations. An account will be deleted under request from the user.

An audit of all accounts may be conducted to ensure that all active accounts are provisioned only to authorized individuals. Accounts inactive for more than one year may be suspended or deleted.

Governing Law

This Policy and the rest of the conditions of this site will be governed in accordance with the Spanish legislation.

Spanish law will govern any dispute or conflict deriving from this Policy or from the use of the Portal, its Contents, or its Services, or relating to any of these, while conflict-of-law provisions that could be applied will have no effect. You agree to be subject to the exclusive jurisdiction of the courts of Barcelona, to solve complaints deriving from this Policy or related to them.


We reserve the right, at our sole discretion, to modify or replace this Policy at any time. If a revision is material, we will try to provide at least 30 days' notice prior to any new policy taking effect. What constitutes a material change will be determined at our sole discretion.

By continuing to access or use our Service after those revisions become effective, you agree to be bound by the revised policy. If you do not agree to the new policy, please stop using the Service.

Contact Us

If you have any questions about this Policy, please contact us.