Allow privileges to be set for feature classes within a feature dataset

03-31-2010 09:14 PM
Status: Open
RobertDeHerrera
Emerging Contributor

In a multi-user SDE environment, some feature classes need to participate within a topology. However, we need the ability to deny edit privileges to selected feature classes within a feature dataset. An example:

  • Tax district boundaries are maintained by the Assessor's office.
  • Election precinct boundaries are maintained by the Elections office.
  • Both tax districts and precincts share topological relationships.
  • Elections staff don't want Assessor's staff fiddling with their boundaries accidentally.
  • Assessor's staff don't want Elections staff fiddling with parcels accidentally.

Currently, the only option in SDE is to grant users from both offices full edit permissions to the entire feature dataset.
We need the option to disallow edit privileges to individual feature classes within a feature dataset.

16 Comments
MikeSharp
Great idea!
SteveWagner
We have the same problem. We need to grant different permissions within a feature dataset. This would be a great help to us.
MarceloMarques
I have the same problem and would like the default featuredataset behavior to change regarding permissions.
Case 1:  a featuredataset with several featureclasses contains very large featureclasses (300 million rows) with partitioned tables/indexes. Only a few editors shall be able to edit the large featureclasses, while the remaining editors need to have read-only access. The workaround would be to move the large featureclasses to a separate featuredataset, but because those are large featureclasses this will require reloading the data, which takes a very long time.
Case 2:  an electric utility has a featuredataset with a geometric network and wants to grant read-access to transformers to certain editors, while other editors shall have read-write access.

FAQ:  Can different privileges be granted to feature classes within a feature dataset ?
http://support.esri.com/index.cfm?fa=knowledgebase.techarticles.articleShow&d=25830
 
MarceloMarques

Case Study
Business Rule:  the database administrator is asked to change the permissions for an editor user, the editor user shall have read-write access to all featureclasses inside a featuredataset except for 1 featureclass which shall have read-only access.
Problem:  in ArcMap the editor user cannot edit any featureclasses that reside inside the featuredataset after the privilege change.
Details:
  1. the database administrator grants “select,insert,update” privileges to all featureclasses inside a featuredataset to the editor user, except for 1 featureclass, which is granted only the “select” privilege
  2. user launches ArcMap and opens ArcCatalog and connects as the editor user to the geodatabase
  3. user brings the read-only featureclass into ArcMap TOC and tries to start editing, it returns a warning message as expected
  4. user removes the read-only featureclass from TOC
  5. user brings a read-write featureclass from the same featuredataset as the read-only featureclass into TOC
  6. user tries to start editing and also returns a warning message and is not able to start editing
  7. user complains to the database administrator
  8. database administrator changes the permissions of the read-only featureclass, grants select, insert, update, delete to the editor user again
  9. user closes and opens ArcMap
  10. user brings the featureclass that was read-only into TOC and now it can start editing
  11. user removes the featureclass from TOC
  12. user brings the same read-write featureclass (step 5) and now it can start editing as well
Conclusion:  seems ArcGIS Desktop is checking the privileges at the featuredataset level, if an editor user does not have “select, insert, update, delete” on all featureclasses inside the featuredataset then the editor user is not able to start editing.
Issue:  this does not allow flexibility for database administrators to manage privileges for different editor users
Workaround:  database administrators can move read-only featureclasses to a separate featuredataset, however if featureclasses participate in topology or geometric networks for example this will not be a viable workaround.
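
An added example, not part of the original comment and not Esri code: a small audit that applies the rule stated in the case study's conclusion to a list of table-level grants, flagging users whose privileges differ across the feature classes of one feature dataset. The dataset, feature class and user names and the grant rows are constructed; in practice the rows would come from the DBMS privilege catalog.

```python
from collections import defaultdict

EDIT_PRIVS = frozenset({"SELECT", "INSERT", "UPDATE", "DELETE"})

# Constructed sample data (hypothetical names): feature dataset membership
# and table-level grants as (feature_class, grantee, privilege) rows.
DATASETS = {"landbase": ["parcels", "tax_districts", "precincts"]}
GRANTS = (
    [(fc, "assessor_editor", p) for fc in ("parcels", "tax_districts") for p in EDIT_PRIVS]
    + [("precincts", "assessor_editor", "SELECT")]
    + [(fc, "viewer", "SELECT") for fc in DATASETS["landbase"]]
)


def audit_dataset_privileges(datasets, grants):
    """Classify each (dataset, grantee) as 'edit', 'read-only' or 'mixed'.

    'mixed' means the grantee can write to some feature classes but lacks
    the full edit set on others, the state the case study reports as
    blocking editing for the whole feature dataset.
    """
    held = defaultdict(set)  # (feature_class, grantee) -> privileges held
    for fc, grantee, priv in grants:
        held[(fc, grantee)].add(priv.upper())
    grantees = {g for _, g, _ in grants}

    report = {}
    for ds, classes in datasets.items():
        for g in sorted(grantees):
            per_class = {fc: held.get((fc, g), set()) for fc in classes}
            if not any(per_class.values()):
                continue  # grantee has no access to this dataset at all
            lacking = sorted(fc for fc, p in per_class.items() if not EDIT_PRIVS <= p)
            can_write = any(p - {"SELECT"} for p in per_class.values())
            if not lacking:
                status = "edit"
            elif can_write:
                status = "mixed"
            else:
                status = "read-only"
            report[(ds, g)] = (status, lacking)
    return report


if __name__ == "__main__":
    for (ds, g), (status, lacking) in audit_dataset_privileges(DATASETS, GRANTS).items():
        print(f"{ds:10} {g:16} {status:10} lacking full edit: {lacking}")
```

Running such a check before and after a privilege change shows which editors would land in the "mixed" state, so the grant can be reviewed before users hit the warning in ArcMap.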
MarceloMarques
FAQ:  Can different privileges be granted to feature classes within a feature dataset ?
http://support.esri.com/index.cfm?fa=knowledgebase.techarticles.articleShow&d=25830
MarcGalle

Unfortunately this is by software design which is why you need to consider grouping feature classes within datasets not just by topology but by business rules. Hence when migrating database to a new platform you can reconstruct it properly according to roles which you can apply permissions to.

This idea would probably require a whole new re-engineering of the Geodatabase by ESRI?

(NOTE: It would be useful for users to see how much time/complexity would be involved for voting our priorities)