Community
Select to view content in your preferred language

Authorization in client application using ArcGIS API

866
4
Jump to solution
04-23-2013 01:00 PM
tonylife
by
Occasional Contributor
‎04-23-2013 01:00 PM
Our app consumes web map from ArcGIS Online and rest api from ArcGIS server.
Assuming we have create, update, delete and access rights to them, what is the best way to do authorization within our app?

Let's say, in our app, we define multiple user groups. Each user group would have different rights to different layer.
Even in one layer, user group A could do read only, user group B have create and update rights, user group C would have all rights including delete. How to implement this feature?

To simplify the question, how to limit user rights from client application even client app have admin rights to consume service provided by ArcGIS online and ArcGIS server?

Thanks,
Tony
0 Kudos
1 Solution

Accepted Solutions
derekswingley1
by
Deactivated User
‎04-23-2013 02:31 PM
The identity manager takes care of managing access to secure services. It passes through the credentials provided by the user and helps to manage access to services (retrieves and manages tokens used to access secure services). If a user provides credentials that only have read access, they will be able to display data from a service but attempts to edit will fail. If a user has create, insert, update and delete, they will be able to do all those things.

View solution in original post

0 Kudos
4 Replies
derekswingley1
by
Deactivated User
‎04-23-2013 01:22 PM
This question is probably better for the ArcGIS Server or ArcGIS Online forum, depending on where you're creating these user groups.

On the JS API side, you include the identity manager in your app, users log in and the security settings from your service are honored when retrieving information from your serivce(s) and when edits are pushed back to your service(s).
0 Kudos
tonylife
by
Occasional Contributor
‎04-23-2013 02:08 PM
We can set ArcGIS online web map to grant the user (client application) full access.
Resource provided by ArcGIS server is from our customer and we can't set up anything there.

So let's focus on client side, just set up user access rights from our client application only.

Thanks swingley for your reply. What you mentioned for JS API side, to use Identity Manager, from my understanding, could handle the authentication (user login), but not authorization (user rights). Any thought?

Thanks,
Tony
0 Kudos
derekswingley1
by
Deactivated User
‎04-23-2013 02:31 PM
The identity manager takes care of managing access to secure services. It passes through the credentials provided by the user and helps to manage access to services (retrieves and manages tokens used to access secure services). If a user provides credentials that only have read access, they will be able to display data from a service but attempts to edit will fail. If a user has create, insert, update and delete, they will be able to do all those things.
0 Kudos
tonylife
by
Occasional Contributor
‎04-24-2013 05:59 AM
Thank you.
It seems that Javascript API does rely on  ArcGIS server for authorization.
I'll change the direction and look into ArcGIS server part.
Thanks again.

Tony
0 Kudos