The geoprocessing tool Change Privileges should support the parameter combination View = "GRANT" and Edit = "REVOKE". Currently, the tool will only validate for revoking editing privileges using the parameters View = "AS_IS" and Edit = "REVOKE". I understand that you can't have edit privileges without SELECT privileges first, but the combination makes sense to me. In the end, I want viewing privileges, but not editing privileges. There isn't any ambiguity in the final result I am looking for with those parameters. To accomplish this now, I have to revoke the editing privileges using View = "AS_IS" and Edit = "REVOKE" and then grant viewing privileges using View = "GRANT". This takes two steps that could be combined into the logic of the geoprocessing tool instead.
Wow, this is an old post and still not yet implemented. I wonder if there is a specific reason for this?
I just came across this scenario where I had edit privileges for feature classes for some users but they were only meant to have view privileges.
I could have used the "AS-IS" and "REVOKE" option, but there might be a scenario where there are some feature classes the the user needs view privilege on, but it has not yet been set. In this case, "AS-IS" will not grant view privilege for these feature classes.
My work-a-round is if view only is needed, I revoke both view and edit privilege and then set them as GRANT and AS-IS.
Here is a snippet of the code that I use (I am actually getting the settings from an xlsx file that I create a dictionary from):
for fc, fc_details in permissions_dict.items():
for user, privileges in fc_details.items():
privilege_level = None
view_privilege = 'AS_IS'
edit_privilege = 'AS_IS'
if privileges['UPDATE'] == 'GRANT':
privilege_level = 'edit'
view_privilege = 'GRANT'
edit_privilege = 'GRANT'
elif privileges['SELECT'] == 'GRANT' and privileges['UPDATE'] != 'GRANT':
privilege_level = 'view'
view_privilege = 'GRANT'
edit_privilege = 'AS_IS'
print(f"{fc} ||> {user} ||> VIEW: {view_privilege} ||> EDIT: {edit_privilege}")
if privilege_level == 'view':
# There is no "REVOKE" option for edit privilege so the view and edit
# privilege must be REVOKED first before the view privilege can be granted
arcpy.management.ChangePrivileges(in_dataset=fc, user=user, View='REVOKE', Edit='REVOKE')
arcpy.management.ChangePrivileges(in_dataset=fc, user=user, View=view_privilege, Edit=edit_privilege)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.