Apologies for the confusing title, but it's a difficult one to be concise about. So I have an item on ArcGIS Online that I'd like to share with a select group of people who do not have an AGOL account. I had the idea of making the item public, but only sharing the URL with the people who need it, essentially "burying" it in the internet, since someone would have to pretty much guess the whole URL to find it.
Thoughts? Are there any kinds of settings I should change to make sure it doesn't show up on any "suggested" pages?
Hi @jp503 , you should definitely deny editing settings if you are wanting to share it publicly like that either way. It's tricky, and even if you bury it people who look specifically for layers can usually find them quickly enough and do a lot of damage. I would also suggest using or looking into Views of private/organizational shared layers, this would be safer than giving out the layer itself. You can certainly export your item as whatever filetype this group needs, too. Exporting would cut out the internet portion perhaps depending on your project.
In summary, double check your data settings to protect your layer and organization. There are plenty of resources and documentations that go into these steps, and it's considered good professional practice to do these steps anyways.
Hope this helps,
Hi Jansen!
Thanks for your answer! I should have clarified, the item I'm looking to share is a web app, but it does have a layer associated with it, so your advice is relevant. We've changed it so that people can not save a copy of the layer, and I'll check into the other settings you mentioned. In the past, I've marked layers like this as "deprecated" to discourage use, even though there is nothing wrong with the layer, what do you think of that?
Hi @jp503 No worries, web apps fall under the same advice. 🙂
As far as marking items as deprecated, the only advantage is it dissuades the web app being found in ESRI search engines and maybe Google. The layer can still be found, especially if people know what to look for and in my experience it doesn't stop unwanted viewing or access. Prevention is trumped by safety if the material is sensitive or critical, there is still little to stop the unwanted access; in which case you may want to consider not sharing the app publicly and find alternatives. My professors used to show my class for fun how the deprecated use and discouraging use of data really does nothing if someone wants to know about your data; their point was always prevention only slows, it does not stop. If your organization has an IT department, I would consult with them for a second opinion on web security and how to give out web apps you have some concern over for your organization specifically. In this case I don't think it will affect much or be too big an issue, but it is genuinely something to keep in mind and I do not know your situation so keep an open mind to awareness and end goals.
On this note, with covid lockdowns still in place around the world, if your app is of a sensitive nature, having an in person meeting to show the web app may not be welcomed or easy, and I can respect the need to share data digitally over traditional methods currently. However, in lieu of the known or potential hazards of digital sharing, traditional methods still provide that extra level of data control that may not be a bad thing. Hopefully your situation allows for different ways of delivery of the web app, eg a meeting, conference, views, guest logins, or password protected site, but if not don't worry there are always other means and workarounds. I would definitely encourage you to sift around and find more resources. I think your question title is on the spot and I wish you the best in your projects.
Have a great day & God bless,