Arcade functions for (portal) user and role

07-15-2019 03:52 AM
Status: Open
Gertvan_Dijk
New Contributor III

It would be very helpful if we could have Arcade functions to retrieve and interrogate portal user names and roles in Attribute Rules. Especially to create rules that allow only certain users and/or roles to execute. This would be very helpful for Portal for ArcGIS and for ArcGIS Online user names and roles.

5 Comments
XanderBakker

Hi Gert van Dijk,

Could you elaborate on a specific use case? As you know, Attribute Rules are configured on the data side and you can grant access to the data based on user names through groups in your portal.

BTW: when you create an idea you should vote it up yourself.

Gertvan_Dijk

Hi Xander,

We’re getting more and more requirements from customers for low-level or fine-grained security and accessibility. Meaning, for instance, different security and accessibility regimes per lifecycle phase/project phase, certain attributes that only the owner or security officer or other specific role can manipulate, etc. For these circumstances it could be helpful to create attribute rules that can interrogate a user_name and role.

So next to granting rights on services, and having fields writable/read-only, the rules could further establish authorized usage of data.

Hope this will give you an idea.

Best Regards,

Gert van Dijk

XanderBakker

Hi Gert van Dijk,

That makes perfect sense. Thank you for sharing!

by Anonymous User

Hi Gert van Dijk,

If you are using hosted layers, you could explore the idea of creating hosted feature layer views and only permitting edits on data that is exposed in that view. (The views could be editable and the source data read-only, for example).

https://enterprise.arcgis.com/en/portal/latest/use/create-hosted-views.htm

Gertvan_Dijk

Hi Hilary,

Thanks for this info, absolutely correct. But for a System of Registration, like Utility Network Management, working only on referenced services and web layers in a user-managed data store, this does not seem an easy-to-use option, since the transactions need to land again in the user-managed data store.