Ownership based access to a parent and child feature service by two different users

03-18-2021 10:55 AM
New Contributor II


I need

1. user 1 with role A to only be able to edit the asset features they create

2. user 2  with role B to be able to create a related inspection record for the asset and not be able to edit any other inspection records created by other users with  role B

So in AGOL I  set up a feature layer view on the feature service 


User 1 with role A creates the parent feature in S123 with the "create feature form" - created by field = user1

User 2 with role B logs in and uses inbox to view the parent feature in the "create inspection form"

If user 2 tries to edit a parent feature field and submit the form then S123 behaves as I would expect (send error), but if user 2 only edits the related record  the same error is shown.  

No edits are being made to the parent owned by user1 so why is user2 not allowed to create a new record?  something to do with the relationship class?  or is a submission treated as an update event to the parent too by S123?

If so can anyone think of a way around this.  If it was enterprise i would publish separate services





1 Reply
New Contributor II

I've tried the same editing scenario by adding the item to Pro and same issue, Pro won't let another user add a related record t the parent if the parent is created by another user - so not S123 issue - just facet of AGOL authorisation model