https://community.esri.com/t5/arcgis-enterprise-questions/securing-rest-folders-services-by-roles/m-p/269834#M10371 <HTML><HEAD></HEAD><BODY><P>Hi Venus,</P><P></P><P><EM>&gt; We want to allow our users to publish and manage their "own" services, but not be allowed to manage any other ones. Is there any other method to achieve this?</EM></P><P></P><P>Yes, this is possible if you federate your ArcGIS Server site with Portal for ArcGIS. After federation, the Server site will follow the security model of Portal - which means only item owners will be able to edit/manage their content. So, publishers will only be able to manage their own web services.</P><P></P><P>Hope this helps,</P></BODY></HTML> Mon, 07 Dec 2015 19:08:31 GMT DerekLaw 2015-12-07T19:08:31Z https://community.esri.com/t5/arcgis-enterprise-questions/securing-rest-folders-services-by-roles/m-p/269832#M10369 <HTML><HEAD></HEAD><BODY><P>According to the following page, users who have Publisher's role have access to all services and folders within the ArcGIS Server site.</P><P></P><DIV style="margin-left: 40px;"><SPAN style="color: #4d4d4d;">"When a role has its role type set to Administrator or <SPAN style="text-decoration: underline;">Publisher</SPAN>, members of that role will have implicit permission to access <SPAN style="text-decoration: underline;"><STRONG>all</STRONG></SPAN> services hosted on an ArcGIS Server site. This implicit permission cannot be overridden by changing the permissions on a service or folder. "</SPAN><BR /> <A href="http://server.arcgis.com/en/server/latest/administer/windows/editing-permissions-in-manager.htm" title="http://server.arcgis.com/en/server/latest/administer/windows/editing-permissions-in-manager.htm">http://server.arcgis.com/en/server/latest/administer/windows/editing-permissions-in-manager.htm</A> </DIV><DIV style="margin-left: 40px;"><P></P>That means, Publishers can stop or delete <STRONG>any</STRONG> services hosted on the site.<BR /> <BR /> For example, if one organization is using ArcGIS 10.x for Server and wants to manage map services by departments, the OOTB ArcGIS Server does not have the capability to hide folders and services from publishers. We want to allow our users to publish and manage their "own" services, but not be allowed to manage any other ones.</DIV><DIV style="margin-left: 40px;"> </DIV><DIV style="margin-left: 40px;">Is there any other method to achieve this?</DIV><DIV style="margin-left: 40px;"> </DIV><DIV style="margin-left: 40px;"> </DIV></BODY></HTML> Thu, 03 Dec 2015 21:12:18 GMT https://community.esri.com/t5/arcgis-enterprise-questions/securing-rest-folders-services-by-roles/m-p/269832#M10369 VenusScott 2015-12-03T21:12:18Z https://community.esri.com/t5/arcgis-enterprise-questions/securing-rest-folders-services-by-roles/m-p/269833#M10370 <HTML><HEAD></HEAD><BODY><P>You are right. Here's the list of dos and dont's that the Publisher role has capability for: </P><P><A href="http://server.arcgis.com/en/server/latest/administer/linux/publisher-role-support-in-manager.htm" title="http://server.arcgis.com/en/server/latest/administer/linux/publisher-role-support-in-manager.htm">Publisher role support in Manager—Documentation (10.3 and 10.3.1) | ArcGIS for Server</A></P><P></P><P> However, as you had asked for, there was an enhancement request asking for limiting Publisher's role to just publishing and modifying services: NIM086293: Restrict the access of Publisher Role in the ArcGIS Server 10.1 just to publishing and modifying the map services.</P><P></P><P>This idea was rejected because the role of Publisher was designed to create, delete and modify all services in Server Manager. </P><P></P><P>Hope this helps! </P></BODY></HTML> Fri, 04 Dec 2015 23:35:26 GMT https://community.esri.com/t5/arcgis-enterprise-questions/securing-rest-folders-services-by-roles/m-p/269833#M10370 AravindatStoryMaps 2015-12-04T23:35:26Z https://community.esri.com/t5/arcgis-enterprise-questions/securing-rest-folders-services-by-roles/m-p/269834#M10371 <HTML><HEAD></HEAD><BODY><P>Hi Venus,</P><P></P><P><EM>&gt; We want to allow our users to publish and manage their "own" services, but not be allowed to manage any other ones. Is there any other method to achieve this?</EM></P><P></P><P>Yes, this is possible if you federate your ArcGIS Server site with Portal for ArcGIS. After federation, the Server site will follow the security model of Portal - which means only item owners will be able to edit/manage their content. So, publishers will only be able to manage their own web services.</P><P></P><P>Hope this helps,</P></BODY></HTML> Mon, 07 Dec 2015 19:08:31 GMT https://community.esri.com/t5/arcgis-enterprise-questions/securing-rest-folders-services-by-roles/m-p/269834#M10371 DerekLaw 2015-12-07T19:08:31Z https://community.esri.com/t5/arcgis-enterprise-questions/securing-rest-folders-services-by-roles/m-p/269835#M10372 <HTML><HEAD></HEAD><BODY><P>Derek, we are now looking into whether or not Portal is needed in our organization. This function makes a good case for it! Thanks!</P></BODY></HTML> Mon, 07 Dec 2015 19:13:43 GMT https://community.esri.com/t5/arcgis-enterprise-questions/securing-rest-folders-services-by-roles/m-p/269835#M10372 VenusScott 2015-12-07T19:13:43Z