Community
Select to view content in your preferred language

Allow Users to Edit Group-Owned Items Without Requiring Creator Licences

214
0
03-19-2026 10:31 PM
Status: Open
Emily_Clark
by
Emerging Contributor

I help maintain an ArcGIS Enterprise environment for a large government organisation that works with sensitive and operationally critical information. We’ve recently been facing challenges on a project where several team members need the ability to edit data, but we cannot assign them full editing or Creator licences without risking the integrity of our environment. At the same time, we can’t make the layer public, as doing so could expose sensitive information contained in the dataset.

This creates an operational deadlock: users need to maintain content, but our governance model prevents us from giving them the permissions that would enable it.

The problem:

In ArcGIS Enterprise, users currently require a Creator (or higher) user type to make even small adjustments to shared items, such as:

  • Updating symbology or map properties
  • Configuring pop-ups
  • Editing metadata
  • Adding, editing, or deleting records in attribute tables
  • Making basic updates to group-owned maps or layers

However, granting Creator licences also gives users capabilities they do not need, such as:

  • Creating new hosted layers
  • Publishing services
  • Overwriting feature layers
  • Deleting datasets

For environments handling sensitive data, this is a significant governance concern. As a result:

  • Users lack the permissions they need to maintain operational data
  • Administrators become bottlenecks for even minor updates

Enhancement Ideas:

Introduce a new permission model that allows users to edit existing items and table records shared within their groups, without granting high‑risk publishing or creation rights.

This could be implemented in one of two ways:

Idea 1: Introduce a New “Editor+” User Type

A user type that includes:

  • Editing maps and apps shared with their groups
  • Editing layer settings
  • Adding, editing, and deleting attribute table records

but excludes:

  • Creating new hosted content
  • Publishing data or services
  • Overwriting datasets
  • Deleting entire items

Idea 2: Add New Fine-Grained Role Privileges

For example:

“Edit items and table records shared within user’s groups (no ability to create or publish new content)”

This could be assigned to custom roles while retaining strict governance.

Why This Matters:

This change would support:

  • Stronger data governance – Allows operational updates without giving users privileges that could compromise sensitive datasets.
  • Operational efficiency – teams can maintain their own content without relying on GIS administrators for every small change.
  • Aligned with Real-World Needs – Many organisations manage sensitive or high-risk data but still need collaborative editing capabilities.

Who Benefits:

  • Organisations with large non-GIS workforces
  • Government agencies with tight data controls
  • Any organisation managing sensitive datasets across multiple teams
Enabling users to edit group-owned items and attribute table data, without granting high‑risk Creator permissions would significantly improve governance, collaboration, and cost efficiency within ArcGIS Enterprise environments. This enhancement would better reflect how organisations work today and provide a safer, more flexible approach to shared content maintenance.