Community
Select to view content in your preferred language

Disconnect data storage/content from users

2849
12
09-24-2025 02:15 AM
Status: Open
TjibbeWubbels
by
Regular Contributor

Summary:

ArcGIS Online’s user-level storage model creates risks for collaboration, continuity, and compliance—especially in high-turnover environments. It complicates access control, data ownership, and regulatory alignment (e.g. GDPR, NEN 3610, ISO 27001), making centralized governance and auditability difficult. I propose storing content on team/project level, independent of users.

 

Current Storage Mechanism: 

  • In ArcGIS Online/Enterprise, data, applications, dashboards, and other resources are stored at the individual Named User level. 
  • This means that all content is associated with specific individuals, which can create challenges in collaborative environments. 

 

Proposed Storage Mechanism:

  • Store data, applications, dashboards, and other resources in ArcGIS Online/Enterprise at team/project level. 
  • Access and permissions for specific individuals is set on team/project level.

 

Challenges Identified: 

In organizations such as AEC and others, this individual-centric storage model poses significant risks: 

  • Ownership Issues: Projects or teams should ideally own the data, rather than individuals. This is crucial as team members are often transient, moving between projects or leaving the organization. 
  • Data Reshuffling: When a team member departs, the data must be reorganized, leading to complications with applications and dashboards that rely on that data. 
  • Security Risks: The current model can expose sensitive information when individuals leave, as their associated data may not be properly managed or transferred. 
  • Backup and recovery challenges: Difficult to oversee if all relevant data has been included in a project or team backup.
  • No centralized oversight of data: content for a project or team is potentially spread over multiple users and hard to manage.
  • Dependency on individual users: If a dataset is tied to a specific user, others are dependent on this user to make changes to the content itself or the sharing level.

 

Comparison with Other Tools: 

  • Unlike government agencies and utilities, which typically have stable operators with consistent access needs, many organizations face high turnover rates. 

Tools like Microsoft Teams and SharePoint provide a more effective model for data storage: 

  • Group Ownership: Data is stored within teams or projects, allowing for shared access among members with appropriate permissions. 
  • Individual Ownership Path: Microsoft also allows individuals to own content through OneDrive, enabling them to share it with smaller groups as needed. 

 

Risks 

  • Loss of access: After a user leaves, content can no longer be accessed by the project or team (without administrator involvement and migrating of content)
  • Inconsistent sharing settings: Users may misconfigure sharing permissions, unintentionally exposing sensitive data or restricting access to others who need it. This is a security risk.
  • Overlooked data: Data is missed when sharing content to a client or when creating backups.
  • Locked content: if the user is absent, content tied to a user cannot be updated by other team members unless shared in a shared update group.
  • Audit trail gabs/regulatory compliance: user-level storage makes it harder to track who has access to data, to ensure data is deleted according to policy and to set up security by design (GDPR compliance). Consistent metadata and data models are more difficult to set up on team or project level (NEN3610 compliance). Centralized control over data, clear access policy and auditability and traceability are more challenging (ISO 27001)
12 Comments
ElliottPlackGFT
by
‎11-12-2025 08:24 AM

I like the idea and might add that another benefit would be around transferring content between organizations. When the data is only associated with an organization, it could be transferred to another one and have less dependency on the individual.

Geoeki
by
‎02-02-2026 07:37 AM

Good day,

Are there any updates on this topic?

This is currently one of the most significant challenges we face in operating our Enterprise GIS within our construction group. To mitigate the risks of user-owned content, we have built much of our GIS web application framework around the concept of project-based GIS workspaces. In practice, we rely on generic “data owner” accounts that own the portal groups and related content, so that ownership is tied to the project rather than to individual named users.

Our environment is not limited to large, long-running flagship projects where a dedicated Enterprise setup (or project collaboration subscription) is always justified. Instead, we manage a high volume of smaller internal projects with many different stakeholders who often have no overlap. This requires a decentralized operating model, yet the current user-centric storage approach creates ongoing governance, continuity, and maintenance issues.

The reason I’m raising this now is that today we received an update on ENH-000137133 (“increase the maximum number of groups per user in ArcGIS Enterprise portal that are refreshed during sign-in from 512 to unlimited (or at least 5,000)”), which was marked as “will not be addressed,” despite being submitted several years ago. For organizations using a project-based model like ours, limits such as this become a practical blocker, as a single “data owner” account can quickly accumulate a very large number of project groups.

I’d be happy to discuss this with Esri in a call and share how we envision project-based governance and content ownership at scale, if that would be helpful

Kind regards,

Ekrem