The ability to add multiple owners for a web feature layer would be useful. Particularly when like me, I share some responsibilities for maintaining, creating and editing these web feature layers. However, some coworkers don't have the experience with GIS or AGOL, and allowing an additional owner would allow me to make improvements to those web feature layers or vice versa. It would allow also for when I leave my current position and/or employer and a simpler way to transfer ownership of the data and ensure continuity.
Hi Damian,
Thanks for creating the ArcGIS Idea. I'd like to highlight two ways we could achieve this with existing functionality.
Administrators, or custom roles with select privileges, can manage other users items.
https://doc.arcgis.com/en/arcgis-online/administer/manage-items.htm#ESRI_SECTION1_07BE763C011B4C0789...
This could include changing ownership of the items in the event the user leaves. This process can also be automated through the ArcGIS API for Python.
I've also seen some organizations have a designated account for authorative content. Web Maps and associated layers ready to go public are reviewed, then changed ownership to that user account. This allows for a QA process, gives authority to content and helps prevent undesired changes.
Specific to your idea, the Shared Update groups allow members to update items that are shared with the group. It's set by Administrators on group creation and allows for multiple people to update the same item. A common workflow, say for field data collection, is to have the web map and layers shared to a standard group (fieldworkers + map publishers) and then share the same items a second time to a Shared Update group (map publishers only). This gives the workers access, and the additional sharing mechanism enables non-owners like yourself to update the maps as required.
Please let me know if these methods don't meet your requirements.
Cheers, Chris
@Anonymous User bit of a bad take.
The privilege to manage another user's content is an administrative privilege and allows them to not manage just the one content item you intend, but any other user's content. It's asking for trouble. It's a solution that shouldn't be offered up lightly.
Using a shared account is only a slightly better approach, but is still playing incredibly fast and loose with security. An even bigger challenge with both this suggestion and the previous is that when you grant any administrative privilege to a user, you end up exposing every single service in the organization to that user because I guess Portal now considers them a semi-administrator. It's kind of bananas. Shared Accounts are almost never a good idea, regardless of data sensitivity or classification. To maintain security, one should use a centralized group that several users can contribute curated content to.
Shared Update Groups are by far the best suggestion here but they have their limitations. For one, if an item could have multiple owners then decommissioning a user account that was being removed from the organization would be far easier as you wouldn't run into as many issues with having to find a new owner for the departing user's content before you removed them. It is a real headache for org admins.
Props to @DamianSmith for having the foresight to see that coming if/when he leaves his org and bringing it up now to save his org admin some grief.
I'd love to set selected users as alternative owners, we spend probably an hour each week swapping owners of content so other people can do the updates in the work flow since only the owner can overwrite and append, or publish story maps. For more complex workflows, many users take turns updating data and it's never just one person. Not only does it involve the users and admin, but it also involves me, the intermediary non admin person who is the go between for users and admin. So many people end up being involved just to let someone else append a feature layer or hit the publish button on a story map. I definitely appreciate the need to not allow ownership to many people for security, so maybe it's only something an administrator can set up.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.