In ArcGIS Enterprise, I am wondering if it is possible to prevent feature services from being used outside of the host ArcGIS Enterprise environment?
For example, I publish a feature service to our ArcGIS Enterprise environment. What I am wondering is if it is possible to prevent them from taking the feature service REST endpoint URL and putting it in completely different ArcGIS Enterprise/AGOL environment? Since users have access to that REST endpoint URL, they can theoretically add it to any environment they want to as long as they have permission to access it on the host ArcGIS Enterprise environment. I was wondering if we could prevent that from happening in any way?
I know there is the extreme solution of making ArcGIS Enterprise VPN access only, but didn't know if there was anything else we could do.
Solved! Go to Solution.
Hi @RyanUthoff
I believe the solution you are looking for is to set limit usage on the secure services. This means that services will only be able to used in urls that you define such as your maps / apps. More information available here:
Hope this helps
Ryan,
I beleive the answer here is Portal. Publish the feature service in Portal then only the named users with access to the feature service in Portal can have access. But they will still be able to consume the feature service in multiple ways with different apps. I don't use Portal so I am really speaking off the cuff.
Bernie.
Right, but the named users with access can add it to other Portals/AGOL if they wanted to, which is what I would like to prevent. They can add it to any Portal/AGOL as long as they authenticate it against the host Portal when they add it.
Hi @RyanUthoff
I believe the solution you are looking for is to set limit usage on the secure services. This means that services will only be able to used in urls that you define such as your maps / apps. More information available here:
Hope this helps
Thanks Richard for sharing that this can now be done at item level at recent releases!
Hmm, that looks really promising. Except, it doesn't seem to apply to feature services published directly to Portal. Only ones that you manually add through a URL.
I just published a test feature service to our 10.9.1 Portal and did NOT share it (like the instructions say). When I go into the feature service settings, there is no limit usage settings.
However, if I add a feature service REST URL from our other Portal, the Limit Usage section is there.
Hi @RyanUthoff
I believe this is expected as it only applies to secure ArcGIS Server services. If you add the url from the ArcGIS Server rest end point into Portal as a content item and opt to store credentials you will have the option to apply limit usage to the layer
Hope this helps
Have you tried the "Allowed Origin" under Portal > Setting > Security?
Disable your REST Endpoint