https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/authorization-in-client-application-using-arcgis/m-p/516060#M48133 <HTML><HEAD></HEAD><BODY><SPAN>Our app consumes web map from ArcGIS Online and rest api from ArcGIS server.</SPAN><BR /><SPAN>Assuming we have create, update, delete and access rights to them, what is the best way to do authorization within our app?</SPAN><BR /><BR /><SPAN>Let's say, in our app, we define multiple user groups. Each user group would have different rights to different layer.</SPAN><BR /><SPAN>Even in one layer, user group A could do read only, user group B have create and update rights, user group C would have all rights including delete. How to implement this feature?</SPAN><BR /><BR /><SPAN>To simplify the question, how to limit user rights from client application even client app have admin rights to consume service provided by ArcGIS online and ArcGIS server?</SPAN><BR /><BR /><SPAN>Thanks,</SPAN><BR /><SPAN>Tony</SPAN></BODY></HTML> Tue, 23 Apr 2013 20:00:49 GMT tonylife 2013-04-23T20:00:49Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/authorization-in-client-application-using-arcgis/m-p/516060#M48133 <HTML><HEAD></HEAD><BODY><SPAN>Our app consumes web map from ArcGIS Online and rest api from ArcGIS server.</SPAN><BR /><SPAN>Assuming we have create, update, delete and access rights to them, what is the best way to do authorization within our app?</SPAN><BR /><BR /><SPAN>Let's say, in our app, we define multiple user groups. Each user group would have different rights to different layer.</SPAN><BR /><SPAN>Even in one layer, user group A could do read only, user group B have create and update rights, user group C would have all rights including delete. How to implement this feature?</SPAN><BR /><BR /><SPAN>To simplify the question, how to limit user rights from client application even client app have admin rights to consume service provided by ArcGIS online and ArcGIS server?</SPAN><BR /><BR /><SPAN>Thanks,</SPAN><BR /><SPAN>Tony</SPAN></BODY></HTML> Tue, 23 Apr 2013 20:00:49 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/authorization-in-client-application-using-arcgis/m-p/516060#M48133 tonylife 2013-04-23T20:00:49Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/authorization-in-client-application-using-arcgis/m-p/516061#M48134 <HTML><HEAD></HEAD><BODY><SPAN>This question is probably better for the </SPAN><A href="http://forums.arcgis.com/forums/214-ArcGIS-10.1-for-Server-General">ArcGIS Server</A><SPAN> or </SPAN><A href="http://forums.arcgis.com/forums/30-ArcGIS-Online">ArcGIS Online</A><SPAN> forum, depending on where you're creating these user groups.</SPAN><BR /><BR /><SPAN>On the JS API side, you include the </SPAN><A href="http://developers.arcgis.com/en/javascript/jsapi/identitymanager.html">identity manager</A><SPAN> in your app, users log in and the security settings from your service are honored when retrieving information from your serivce(s) and when edits are pushed back to your service(s).</SPAN></BODY></HTML> Tue, 23 Apr 2013 20:22:06 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/authorization-in-client-application-using-arcgis/m-p/516061#M48134 derekswingley1 2013-04-23T20:22:06Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/authorization-in-client-application-using-arcgis/m-p/516062#M48135 <HTML><HEAD></HEAD><BODY><SPAN>We can set ArcGIS online web map to grant the user (client application) full access.</SPAN><BR /><SPAN>Resource provided by ArcGIS server is from our customer and we can't set up anything there.</SPAN><BR /><BR /><SPAN>So let's focus on client side, just set up user access rights from our client application only.</SPAN><BR /><SPAN> </SPAN><BR /><SPAN>Thanks swingley for your reply. What you mentioned for JS API side, to use Identity Manager, from my understanding, could handle the authentication (user login), but not authorization (user rights). Any thought? </SPAN><BR /><BR /><SPAN>Thanks,</SPAN><BR /><SPAN>Tony</SPAN></BODY></HTML> Tue, 23 Apr 2013 21:08:49 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/authorization-in-client-application-using-arcgis/m-p/516062#M48135 tonylife 2013-04-23T21:08:49Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/authorization-in-client-application-using-arcgis/m-p/516063#M48136 <HTML><HEAD></HEAD><BODY><SPAN>The identity manager takes care of managing access to secure services. It passes through the credentials provided by the user and helps to manage access to services (retrieves and manages tokens used to access secure services). If a user provides credentials that only have read access, they will be able to display data from a service but attempts to edit will fail. If a user has create, insert, update and delete, they will be able to do all those things.</SPAN></BODY></HTML> Tue, 23 Apr 2013 21:31:52 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/authorization-in-client-application-using-arcgis/m-p/516063#M48136 derekswingley1 2013-04-23T21:31:52Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/authorization-in-client-application-using-arcgis/m-p/516064#M48137 <HTML><HEAD></HEAD><BODY><SPAN>Thank you. </SPAN><BR /><SPAN>It seems that Javascript API does rely on&nbsp; ArcGIS server for authorization.</SPAN><BR /><SPAN>I'll change the direction and look into ArcGIS server part.</SPAN><BR /><SPAN>Thanks again.</SPAN><BR /><BR /><SPAN>Tony</SPAN></BODY></HTML> Wed, 24 Apr 2013 12:59:49 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/authorization-in-client-application-using-arcgis/m-p/516064#M48137 tonylife 2013-04-24T12:59:49Z