Summary:
ArcGIS Online’s user-level storage model creates risks for collaboration, continuity, and compliance—especially in high-turnover environments. It complicates access control, data ownership, and regulatory alignment (e.g. GDPR, NEN 3610, ISO 27001), making centralized governance and auditability difficult. I propose storing content at the team/project level, independent of users.
Current Storage Mechanism:
- In ArcGIS Online/Enterprise, data, applications, dashboards, and other resources are stored at the individual Named User level.
- This means that all content is associated with specific individuals, which can create challenges in collaborative environments.
Proposed Storage Mechanism:
- Store data, applications, dashboards, and other resources in ArcGIS Online/Enterprise at the team/project level.
- Access and permissions for specific individuals are set at the team/project level.
Challenges Identified:
In organizations such as AEC and others, this individual-centric storage model poses significant risks:
- Ownership Issues: Projects or teams should ideally own the data, rather than individuals. This is crucial as team members are often transient, moving between projects or leaving the organization.
- Data Reshuffling: When a team member departs, the data must be reorganized, leading to complications with applications and dashboards that rely on that data.
- Security Risks: The current model can expose sensitive information when individuals leave, as their associated data may not be properly managed or transferred.
- Backup and recovery challenges: It is difficult to verify whether all relevant data has been included in a project or team backup.
- No centralized oversight of data: Content for a project or team is potentially spread over multiple users and hard to manage.
- Dependency on individual users: If a dataset is tied to a specific user, others depend on that user to change the content itself or its sharing level.
Comparison with Other Tools:
- Unlike government agencies and utilities, which typically have stable operators with consistent access needs, many organizations face high turnover rates.
Tools like Microsoft Teams and SharePoint provide a more effective model for data storage:
- Group Ownership: Data is stored within teams or projects, allowing for shared access among members with appropriate permissions.
- Individual Ownership Path: Microsoft also allows individuals to own content through OneDrive, enabling them to share it with smaller groups as needed.
Risks:
- Loss of access: After a user leaves, content can no longer be accessed by the project or team (without administrator involvement and migration of content).
- Inconsistent sharing settings: Users may misconfigure sharing permissions, unintentionally exposing sensitive data or restricting access to others who need it. This is a security risk.
- Overlooked data: Data is missed when sharing content with a client or when creating backups.
- Locked content: If the user is absent, content tied to that user cannot be updated by other team members unless it is shared in a shared update group.
- Audit trail gaps/regulatory compliance: User-level storage makes it harder to track who has access to data, to ensure data is deleted according to policy, and to set up security by design (GDPR compliance). Consistent metadata and data models are more difficult to set up at the team or project level (NEN 3610 compliance). Centralized control over data, a clear access policy, and auditability and traceability are more challenging (ISO 27001).