Return Enterprise Geodatabase Dataset Permissions

mpboyle

Please create a geodatabase/arcpy tool that returns permissions on an input enterprise dataset. There are cases when we have new staff start and they need/want the same permissions as another user. It would be nice to be able to iterate over datasets in a geodatabase, get the permissions on a particular dataset and be able to check what permissions a certain user has. In this example, I could set a target user name and if found, assign the new user the same permissions as the target user.

The return could be something like either of the following:

return = [{user: UserName1, edit: True, view: True}, {user: UserName2, edit: False, view: True}]

return = [{user: UserName1, select: True, insert: True, update: True, delete: True}, {user: UserName2, select: True, insert: False, update: False, delete: False}]

ChetDobbins · ‎12-01-2023

@mpboyle

I am wondering whether using database roles would help you achieve the same solution and ultimately make managing database permissions much easier. What i am suggesting is that you would create database roles that fit each user groups specific permission needs, then grant the needed permissions to the roles. When a new staff needs to connect to the database, you can determine which permissions role they fit into and simply create a new database user and add it to that database role.

HannesZiegler · ‎12-01-2023

Please see Chet's potential solution using existing tooling in the post above this one. His question is quoted here for convenience.

I am wondering whether using database roles would help you achieve the same solution and ultimately make managing database permissions much easier. What i am suggesting is that you would create database roles that fit each user groups specific permission needs, then grant the needed permissions to the roles. When a new staff needs to connect to the database, you can determine which permissions role they fit into and simply create a new database user and add it to that database role.
-ChetDobbins

HannesZiegler

Thank you for submitting your idea for a tool to inspect enterprise geodatabase dataset permissions. We appreciate your suggestion. At this time, we are not pursuing this idea given that a best practice solution was offered, and we received no further feedback.

The solution to consider is as follows:

Create database roles
Assign users to those roles
Assign permissions to the roles that each user group requires
When a new user comes online… determine what permissions they need and assign them to the appropriate role or roles.

See the original response by @ChetDobbins:

I am wondering whether using database roles would help you achieve the same solution and ultimately make managing database permissions much easier. What i am suggesting is that you would create database roles that fit each user groups specific permission needs, then grant the needed permissions to the roles. When a new staff needs to connect to the database, you can determine which permissions role they fit into and simply create a new database user and add it to that database role.
-ChetDobbins

Thank you again for your contribution and understanding. If you have any further questions or concerns, please do not hesitate to contact us.