Community
Select to view content in your preferred language

Return Enterprise Geodatabase Dataset Permissions

607
3
06-26-2023 01:39 PM
Status: Closed
Labels (1)
Labels
mpboyle
by
Frequent Contributor

Please create a geodatabase/arcpy tool that returns permissions on an input enterprise dataset.  There are cases when we have new staff start and they need/want the same permissions as another user.  It would be nice to be able to iterate over datasets in a geodatabase, get the permissions on a particular dataset and be able to check what permissions a certain user has.  In this example, I could set a target user name and if found, assign the new user the same permissions as the target user.

The return could be something like either of the following:

 

return = [{user: UserName1, edit: True, view: True}, {user: UserName2, edit: False, view: True}]

return = [{user: UserName1, select: True, insert: True, update: True, delete: True}, {user: UserName2, select: True, insert: False, update: False, delete: False}]

 

 

3 Comments
ChetDobbins
by Esri Contributor
‎12-01-2023 08:16 AM

@mpboyle 

I am wondering whether using database roles would help you achieve the same solution and ultimately make managing database permissions much easier. What i am suggesting is that you would create database roles that fit each user groups specific permission needs, then grant the needed permissions to the roles. When a new staff needs to connect to the database, you can determine which permissions role they fit into and simply create a new database user and add it to that database role. 

HannesZiegler
by Esri Contributor
‎12-01-2023 08:49 AM
Status changed to: Needs Clarification

Please see Chet's potential solution using existing tooling in the post above this one. His question is quoted here for convenience.

I am wondering whether using database roles would help you achieve the same solution and ultimately make managing database permissions much easier. What i am suggesting is that you would create database roles that fit each user groups specific permission needs, then grant the needed permissions to the roles. When a new staff needs to connect to the database, you can determine which permissions role they fit into and simply create a new database user and add it to that database role. 

-ChetDobbins

HannesZiegler
by Esri Contributor
‎05-28-2024 10:50 AM
Status changed to: Closed

Thank you for submitting your idea for a tool to inspect enterprise geodatabase dataset permissions. We appreciate your suggestion. At this time, we are not pursuing this idea given that a best practice solution was offered, and we received no further feedback. 

The solution to consider is as follows:

  1. Create database roles
  2. Assign users to those roles
  3. Assign permissions to the roles that each user group requires
  4. When a new user comes online… determine what permissions they need and assign them to the appropriate role or roles.

 

See the original response by @ChetDobbins:

I am wondering whether using database roles would help you achieve the same solution and ultimately make managing database permissions much easier. What i am suggesting is that you would create database roles that fit each user groups specific permission needs, then grant the needed permissions to the roles. When a new staff needs to connect to the database, you can determine which permissions role they fit into and simply create a new database user and add it to that database role. 

-ChetDobbins

Thank you again for your contribution and understanding. If you have any further questions or concerns, please do not hesitate to contact us.