Allow non-admin role to enable/disable ESRI access

184
4
09-20-2021 08:29 AM
Status: Open
AdrianHughes2
New Contributor II

It would be useful if non-admin custom roles could have this ability. It's necessary for deleting users from the system and in my org this workflow is for non admins with an elevated custom role

Tags (1)
4 Comments
RobertBorchert

I view this as a very bad idea.  It would be like walking into a 10th grade class room on the first day of drivers ed and throwing down 30 copies to your car keys and walking away.

It is limited to a specific group of people for a reason. 

Not that we want to be controlling, but we need to be controlling of this. 

In my organization of 850 people, only 5 of us have this ability. 

Handing out this ability would result in the chaos of 40 people doing it 50 different ways. 

AdrianHughes2

I disagree. We want to give this ability to a custom group of seasoned and trusted analysts, we want to keep full admins to a small number but have a larger group of users just below full admin level.

 

You can already give  custom roles the ability to delete users so why not enable/disable ESRI access?

 

RobertBorchert

Then make those individuals creators/administrators.  Either they are admin or they are not. 

They still are not going to the passwords to the actual portals, just inside of AGOL or Portal. 

But truly, how often do you need a special person to perform this operation. Unless you are in an educational institution are you adding and removing people quite often. 

We have 850 in our company with around 400 of them using the gis, and it is all handled by a single person via our SAML system, and she does not have an administrator user she is a creator/user

When a new employee comes in that person (who is not a GIS person) assigns them their level.  When they leave the company their log in credentials are automatically removed when they are made a non employee. 

AdrianHughes2

Then why have any admin privileges made available for custom roles? Your binary approach to admin roles and single person approach is quite different to our model. If that works for you then great.

I would just like ESRI to consider adding this permission to the whole range of other admin permissions they have allowed to be added to custom roles.