ArcGIS Server 10.7.1: How to restrict publishing in a particular folder for users assigned in certain role?

JamalNUMAN · ‎08-26-2020

For example, in the screenshot below:

Two folders are created MOA and PLA

Two roles of “publisher” type are created: moa_publisher and pla_publisher

Two users are created Yaqoub and Nihad. Yaqoub is assigned to moa_publisher role and Nihad is assigned to pla_publisher role

The MOA is locked and set accessible for moa_publisher role while PLA is locked and set accessible for pla_publisher

Now, why Yaqoub is still able to publish and access PLA folder?

----------------------------------------
Jamal Numan
Geomolg Geoportal for Spatial Information
Ramallah, West Bank, Palestine

RachelSears · ‎08-27-2020

Hello Jamal,

The roles for the built-in identity store in ArcGIS Server are very simplistic. Any users with the Publisher or Administrator role implicitly gains access permissions to all services published on the ArcGIS Server site. This overrides any settings on the individual folders.

For finer-grained access control in a standalone ArcGIS Server site, it is recommended to configure users and roles with a web-tier identity store (such as Active DIrectory).

Manage roles in Manager—ArcGIS Server | Documentation for ArcGIS Enterprise

Hope this helps.

-Rachel

JamalNUMAN · ‎08-29-2020

Thank you Rachel for the input.

Why this can be controlled only vai operating system level? Why it is not enhanced to be set via the ArcGIS Server Manager or Administrator?

----------------------------------------
Jamal Numan
Geomolg Geoportal for Spatial Information
Ramallah, West Bank, Palestine