Select to view content in your preferred language

Possibility of Custom Role to Change Ownership But Not See all Content

121
1
09-24-2024 10:21 AM
McKinneyPatrick_PA
Emerging Contributor

We are trying to create a custom role in our Portal deployment.  By default, we do not want to allow users to share content publicly.  This is the security consideration behind our constraint.  We will be hosting PHI/PII data.

Our goal would be to have a custom role that can allow users to change ownership of items and share publicly.  If a Survey123 survey needed to be deployed off-hours, User A could create and publish the survey.  Next, User B could make themselves the owner, and share the survey publicly; finally, User B would re-assign ownership of the items to User A.  The GIS Portal admins are not on-call/24-hour available staff.

I believe the above is possible.   However, we also have the goal that the custom role that can re-assign ownership of content would not be able to view records for feature layers they do not own.

In our testing, we had to enabled the Administrative privileges > Members > View all and Content > View all to allow the users in this custom role to be able to change ownership.  They are also able to see records in feature layers they do no own.

Is what we're trying to accomplish possible?  Or are we doing the right thing, and our goal is not possible?

 

0 Kudos
1 Reply
ChristopherCounsell
MVP Regular Contributor

What version of ArcGIS Enterprise?

https://enterprise.arcgis.com/en/portal/latest/administer/windows/privileges-for-roles-orgs.htm#ESRI...

In the latest release reassigning content ownership is broken up into two privileges; your own content and then other users content. This should be what you are after. Is this what you are testing?

Earlier releases, say 10.9.1, I believe it was all content in one privilege.

0 Kudos