My organization would like to allow users to create web maps and apps from existing data and layers without allowing them to upload files themselves.
We have two problems with users uploading files:
Users upload unnecessary copies of existing data which soon go stale. Other users then find those copies and use them. The new Authoritative Data tag is helpful but not sufficient to address this problem.
Users upload data that, for security reasons, needs to remain within our firewall.
But we want to encourage users to make their own story maps and such. We would like to provide authoritative layers that should be sufficient for most users, and restrict the upload of files to only a select few users whom we will train and mentor.
Our proposed solution: Under the "Content" section of the user role privileges, the "Create, update, and delete" privilege should not include upload privileges. "Upload files" should be a separate privilege.