I want to allow specific user to publish data to my arcgis server. The problem is that I want this specific user to be able to change/modify/delete only services he created/specific services.
I thoght to create arcgis server folder, and allow this user to access only this folder and prohibit from him to access all other services and folders.
Is there an option to do so, or other solution to tge the problem i have described?
Reading this help topic Restricting access to ArcGIS Server—Documentation (10.3 and 10.3.1) | ArcGIS for Server it looks like this is not possible.
Publisher: The Publisher role type is given limited access to ArcGIS Server administrative components and functions. Members of a role with the role type set to Publisher can log in to ArcGIS Server Manager and the Administrator Directory with access to only the service and log management features. They can publish new services, manage existing services, and generate map caches. They cannot configure or change ArcGIS Server security options but can manage permissions for services. This role type should be restricted to roles that publish and manage ArcGIS web services.
and this note:
If a role's type is set to either Administrator or Publisher, that role automatically gets implicit access permission to all GIS web services hosted on the ArcGIS Server site. This implicit permission cannot be overridden by changing the permissions on a service or folder.
You could try the following.
In ArcGIS Server Manager,
1) Create different customized roles and define them for corresponding users.
2) Manager Services > Edit Folder Security (A lock icon on each folder) > In Security Settings: <FolderName>, click "Private, available to selected users"
3) Add the roles who can access the specific folder.
Would setting permissions at the operating system level to revoke writing by thus user work? Maybe in combination with what Jayanta recommended?
EDIT: Based on Vince Angelo comments below (7/5/15).....please ignore this comment.
looking at my 10.2.2 server, when I create a folder in AGS manager, it creates two physical folders on my D drive (but default is C drive), and at least one other on my c)
I'm the admin and I don't have another non admin account to be able to see whether it would work or not, or what error they would get. Of course, best case, I would think you wouldnt even want them to see the folder exists. My guess, it will still be listed, but it would give them an error when trying to publish.
although this may work, I am no expert on what messing around with the folder permissions will do. Make sure you have a way to restore (backup, or how to reverse any folder permission changes) before you mess with things. I'm not sure that any of the above would be suggested by tech support....and it may be good to talk to them first.
Hi Xander, yes, ArcGIS Server creates the folders. I was suggesting changing the permissions AFTER the folder(s) are created. I'm not sure if it would work, nor do I necessary recommend it, I was just trying to think of things that they might want to try (With caution). In our shop, there are only two of us that create services (most are by me) so it's not an issue (that is, only two will publishing privileges). Talking about it us an easy option for..I'm assuming that isn't a possible fir Noam's shop.
I think that the folders and files for the service will be created using the arcgis server account and probably not the user account. Not sure about that, but that's what I'm afraid of.