prevent data download/export from AGOL public layer

569
4
12-08-2021 11:44 AM
Status: Open
SarahHartholt
Occasional Contributor III

I would like to prevent anyone from downloading feature layers that I have share publicly or, at the very least, the ability to choose which attribute fields to block from being downloaded. I understood from a blog post that unchecking the box next to Allow others to export to different formats would prevent others from downloading my data but I was able to use the REST endpoint to access my Feature Layer (hosted, view) and export the information from an ArcGIS Pro project that I was not signed into. 

I would like to apply this concept to the following project/workflow:

I created a model to re-write a Feature Layer every day at noon by deleting all of the features in the Feature Layer and appending features that have a Status of Active or Pending (some data expires over time and I do not want to show these locations). My point Feature Layer (hosted, view) is embedded in a public dashboard that displays an address in the pop-up. The point of the app is to allow the public to view where there are valid licenses and determine if they need to report an infraction. As there are nearly 1000 data points, I don't mind if members of the public look through the individual points but I don't necessarily want them to have access to the whole dataset or be able to download the data which changes over time. I also don't want them to know which points are assigned a status of Active or Pending, which is not disclosed in the pop-up but is stored in the underlying attribute table. 

Tags (2)
4 Comments
jcarlson

If you don't want an attribute exposed publicly, consider creating a view layer that excludes the field in question.

As far as downloading however, you can't control how people are going to use your data. If someone decides to download a static copy of a dynamic dataset, that's sort of on them for making that decision. I understand wanting to prevent that sort of thing, but as far as I can tell, it's basically impossible. If you expose the data for viewing, then someone can just save that data by any number of means.

You can encourage your users to be responsible data consumers and to make wise decisions, but whether or not they actually follow your advice is up to them, for better or worse.

RRC_GISServices

This technical article may help with this. 

https://support.esri.com/en/technical-article/000017029

It creates another connection (similar to a view) to the original feature service but with the option of storing credentials. This new layer can have URL or IP restrictions applied so it can only be used in specific apps.  This method also prevents access to the REST endpoint. The service URL of the second layer starts with 'https://utility.arcgis.com/'

The original feature service can be unshared and the new limited one can be shared publicly and added to your specific application.

The apps that need to use the new layer will need their URL added to the 'limit usage' option in the settings tab of the new layer.

I have done some testing with this recently with some tile layers. The original layers are not shared but the secured versions are shared to the public. It can only be viewed in the apps that have been given permission. When opened in an app that doesn't have permission, it returns an error.

However, I did encounter issues with this process when used on a hosted tile layer that had the tiles generated and stored in AGOL. 

SarahHartholt

Thank you! This seems to do the trick. Just wondering if it is possible to add the new layer to a previously created web map/app? I have tried to add the URL of the map & app that I would like the new layer to display in to the 'limited usage' box but keep getting an error (Unable to add layer) when trying to add it to the pre-existing map. What I would like to do is add it to a pre-existing dashboard so that I don't have to replicate my existing dashboard or bother anyone about changing the URL of the dashboard that is already live on our website. 

StaceyMartin

I am trying to follow the work flow from the article mentioned above but I am not seeing the 'limit usage' option under settings.  Is there some organizational setting that must be in place first?