Securing REST folders/services by roles

2757
3
Jump to solution
12-03-2015 01:12 PM
VenusScott
Occasional Contributor III

According to the following page, users who have Publisher's role have access to all services and folders within the ArcGIS Server site.

"When a role has its role type set to Administrator or Publisher, members of that role will have implicit permission to access all services hosted on an ArcGIS Server site. This implicit permission cannot be overridden by changing the permissions on a service or folder. "
http://server.arcgis.com/en/server/latest/administer/windows/editing-permissions-in-manager.htm

That means, Publishers can stop or delete any services hosted on the site.

For example, if one organization is using ArcGIS 10.x for Server and wants to manage map services by departments, the OOTB ArcGIS Server does not have the capability to hide folders and services from publishers. We want to allow our users to publish and manage their "own" services, but not be allowed to manage any other ones.
Is there any other method to achieve this?
0 Kudos
1 Solution

Accepted Solutions
AravindStoryMaps
Esri Regular Contributor

You are right. Here's the list of dos and dont's that the Publisher role has capability for:

Publisher role support in Manager—Documentation (10.3 and 10.3.1) | ArcGIS for Server

However, as you had asked for, there was an enhancement request asking for limiting Publisher's role to just publishing and modifying services: NIM086293: Restrict the access of Publisher Role in the ArcGIS Server 10.1 just to publishing and modifying the map services.

This idea was rejected because the role of Publisher was designed to create, delete and modify all services in Server Manager.

Hope this helps!

View solution in original post

0 Kudos
3 Replies
AravindStoryMaps
Esri Regular Contributor

You are right. Here's the list of dos and dont's that the Publisher role has capability for:

Publisher role support in Manager—Documentation (10.3 and 10.3.1) | ArcGIS for Server

However, as you had asked for, there was an enhancement request asking for limiting Publisher's role to just publishing and modifying services: NIM086293: Restrict the access of Publisher Role in the ArcGIS Server 10.1 just to publishing and modifying the map services.

This idea was rejected because the role of Publisher was designed to create, delete and modify all services in Server Manager.

Hope this helps!

0 Kudos
DerekLaw
Community Moderator

Hi Venus,

> We want to allow our users to publish and manage their "own" services, but not be allowed to manage any other ones. Is there any other method to achieve this?

Yes, this is possible if you federate your ArcGIS Server site with Portal for ArcGIS. After federation, the Server site will follow the security model of Portal - which means only item owners will be able to edit/manage their content. So, publishers will only be able to manage their own web services.

Hope this helps,

VenusScott
Occasional Contributor III

Derek, we are now looking into whether or not Portal is needed in our organization. This function makes a good case for it! Thanks!

0 Kudos