ArcGIS Server 10.7.1: How to restrict publishing in a particular folder for users assigned in certain role?
For example, in the screenshot below:
Two folders are created MOA and PLA
Two roles of “publisher” type are created: moa_publisher and pla_publisher
Two users are created Yaqoub and Nihad. Yaqoub is assigned to moa_publisher role and Nihad is assigned to pla_publisher role
The MOA is locked and set accessible for moa_publisher role while PLA is locked and set accessible for pla_publisher
Now, why Yaqoub is still able to publish and access PLA folder?
The roles for the built-in identity store in ArcGIS Server are very simplistic. Any users with the Publisher or Administrator role implicitly gains access permissions to all services published on the ArcGIS Server site. This overrides any settings on the individual folders.
For finer-grained access control in a standalone ArcGIS Server site, it is recommended to configure users and roles with a web-tier identity store (such as Active DIrectory).
Hope this helps.
Thank you Rachel for the input.
Why this can be controlled only vai operating system level? Why it is not enhanced to be set via the ArcGIS Server Manager or Administrator?