POST
|
I guess I should close the topic, as it turned out the problem was due to my mistake. To achieve my initial goal I had to create new custom roles (aforementioned Admin, Editor and Advanced). It turned out that I misunderstood options during creating role: Administrative Privileges-> Content -> ... I thought if I select them user will be able to see content only if it is shared with him, not see literally all services in the system. When I unchecked these options previously visible services disappeared. Maybe this will help someone. BR
... View more
02-07-2018
05:52 AM
|
0
|
0
|
1005
|
POST
|
Ok, I will try to explain the situation + workflow a bit better. Of course my environment is the same: One ArcGIS Server (where I publish the services) federated with one Portal for ArcGIS (where I have items). I have 3 users (all level 2 in Portal) Admin Editor Advanced I have two services: Service1 Service2 My environment is: ArcGIS for server federated with Portal with data for Services coming from a registered Data Store (database). What I want to achieve? To have a Web Map: Map where I want to add Service1 and Service2. Although Service2 should only be visible and editable by Advanced. Furthermore, I want to have editor tracking for those services. What I did in order to achieve that? Using Admin, I published Service1 and Service2. I shared Service1 to Editor and Advanced, and Service2 only to Advanced. I created a map where I added Service1 and Service2. What I see? I log in as Editor and I see/can edit Service1 (I want this) and Service2 (I don't want this), I log in as Advanced and I see/can edit Service1 and Service2 (those are fine). I expect to see/edit only with Advanced. Because that was not working I tried the following: Instead of using the Service2 straight ahead from the Portal Item which is automatically generated because of the Server being federated, I grab the Service definition URL from the Server and I try to create a new Portal item from it. When I do so, I have the two possibilities shown in the attachment, so just out of curiosity I published Service2_credentials and Service2_no_credentials following both of the options from the attachment. After adding those, again, I shared Service2_* only with Advanced. Following, I added Service2_* to Map. My surprise now is that altough Service2, Service2_credentials and Service2_no_credentials have the same Sharing rules. Now I log in as Editor to the map and I see/can edit: Service1 (expected) Service2 (not expected) Service2_no_credentials(not expected) - it does not prompt me for credentials; maybe it uses Editor, even though it is not shared with Editor? I cannot see and I cannot edit Service2_credentials (expected). Thus, I said, weird but perfect. Let's just keep Service2_credentials. However, I recognized that by doing so, editor tracking will always be assigned to the "saved credentials", so we are not tracking the real editor. I know that this is expected behaviour, but that is why we cannot use this particular method. I'm wondering if there's any way to obtain what I want. Thanks for the reply.
... View more
10-27-2017
01:51 AM
|
0
|
1
|
1005
|
POST
|
Hello! Lets say I have 3 services: service1, service2 and service3 (each with 2 layers, but I don't think it matters). For each service I have editor tracking enabled. My Server is federated with Portal, so each time I publish a service it gets automatically added as an item in Portal. Server and Portal are version 10.5. I want to properly assign permissions for each user, say: user1 has access to service1, service2 and service3, and user2 does not (while both have access to some other services). Both users are level 2 users, so they can edit data in all 3 services. As long as I know such permissions are set in arcgis manager ([Arcgis Server]/arcgis/manager) and in case of federated server in Portal (it is possible to do that over Arcgis Server api, but any changes are reflected on respective Portal item). Also I am aware, that an item in Portal can be shared with a group, not with a role. I tested 3 slightly different options, this is how: I created a map (lets call it map1) as administrator, and I do not share it with anyone. Now I open My Content on Portal, click Add Item->From the Web. I paste url of service2, and I get a popup similar to the one in the attachment. I choose "Store credentials" and fill in my administrator password - I expected only administrator can access that service. I named the created item "service2_stored". Now I add service3 the same way as service2 in previous point, but I choose to not store credentials of my admin account. This way I created item service3_notStored. Next I open map1 in mapviewer ([Portal for Arcgis]/arcgis/home/webmap), click on Add->Search for Layers->Find "service1" in "My Content" (this is item automatically added to Portal when I published service), and it was never shared with anyone. Then I add service2_stored and service3_notStored in a similar way. Now I log in as user2 and open map1 in mapviewer - I just copy the link from the browser, I did not bother to look for it in My Content. First suprise it that user2 can access map1 at all - I expected some sort of insufficient permission error. Even more astounding, user2 was able to access and edit data in service1 and service3_notStored - although I never granted ANYONE permission to do it, on the Server or Portal. Now the interesting part is that I was not able to access service2_stored, which is exactly what I wanted. My question is, why does this work differently when I store credentials??? I wanted to add all services the way I explained service2_stored, but now I realized when I do it, the editor tracking assigns username and password I stored. If I could just switch it, so it stores user who actually made the changes, it would be enough to solve my problems. Still, I think something is not working properly here. Did I forget about some step? Regards.
... View more
10-26-2017
03:51 AM
|
0
|
3
|
1938
|
Online Status |
Offline
|
Date Last Visited |
11-11-2020
02:25 AM
|