Where is Portal security data stored?

2973
2
Jump to solution
06-30-2015 09:52 AM
RickThiel
Occasional Contributor

We are doing a security review of the ArcGIS Portal for Server 10.3 environment.  We currently have a sandbox Portal environment setup on some developement/test servers in house.  One of my security guys asked me where the Portal user and security information is stored.  I did not know the answer, I assumed that it was some sort of flat file on the server somewhere.

When a user visits our Portal for the first time, a named user account is created for them.  That appears to be Portal data right (not ArcGIS server data).  I did some casual searching, but I could not determine where this data is being stored.  Can someone tell me?

PortalUsers.PNG

Additionally, Portal Groups can be linked to Active Directory groups.  Do you know where that data is stored too?

PortalGroups2.png

Thank you.

  --Rick

0 Kudos
1 Solution

Accepted Solutions
DustinHobbs
Esri Contributor

Greetings Rick,

The Portal Security is actually not stored within a flat file. Instead it is held within a PostgreSQL database.

It sounds as if you have automatic account creation enabled. Therefore, the end user account that is created is Portal data and not ArcGIS Server data. If you were to federate ArcGIS Server with Portal you'd have the following benefits:

  • The server and the portal share the same user store (that of the portal). This results in a convenient single sign-on experience.
  • Your existing ArcGIS Server services are automatically shared as portal items. Any subsequent items you publish to the server are automatically shared on the portal.
  • You can optionally allow the server to host cached maps, feature services, and scene services (tile layers, feature layers, and scene layers) published by users of the portal.

Additional information about federation can be found at the following link:

Federating an ArcGIS Server site with your portal—Portal for ArcGIS (10.3 and 10.3.1) | ArcGIS for S...

Lastly the link between Portal Groups and Active Directory Groups is also stored within the PostgreSQL database. You could think of it as a redirect. You created the group in Portal but it's actually being redirected to the Active Directory group.

I hope this information helps.

View solution in original post

2 Replies
DustinHobbs
Esri Contributor

Greetings Rick,

The Portal Security is actually not stored within a flat file. Instead it is held within a PostgreSQL database.

It sounds as if you have automatic account creation enabled. Therefore, the end user account that is created is Portal data and not ArcGIS Server data. If you were to federate ArcGIS Server with Portal you'd have the following benefits:

  • The server and the portal share the same user store (that of the portal). This results in a convenient single sign-on experience.
  • Your existing ArcGIS Server services are automatically shared as portal items. Any subsequent items you publish to the server are automatically shared on the portal.
  • You can optionally allow the server to host cached maps, feature services, and scene services (tile layers, feature layers, and scene layers) published by users of the portal.

Additional information about federation can be found at the following link:

Federating an ArcGIS Server site with your portal—Portal for ArcGIS (10.3 and 10.3.1) | ArcGIS for S...

Lastly the link between Portal Groups and Active Directory Groups is also stored within the PostgreSQL database. You could think of it as a redirect. You created the group in Portal but it's actually being redirected to the Active Directory group.

I hope this information helps.

RickThiel
Occasional Contributor

Thanks Dustin!

0 Kudos