Permission on Group Roles and Login Roles

664
1
01-07-2019 12:48 PM
GLCAdmin
New Contributor II

We have set up an Enterprise GDB using ArcGIS 10.6 and PostgreSQL 10.5, and would like to create users can view and edit data, but not creating data. So we followed the instructions at Add login roles to PostgreSQL—Help | ArcGIS Desktop and got some questions.

1. There is a schema "geodata" referred in the instruction, but clearly it is not a built-in schema and I could not find what it refers to. Could someone clarify it for me?

2. Instead of granting "geodata", we continued with granting "sde" to the user. However, the new editor user could not see the feature class after the feature class has been granted privileges through Manage->Privilege. 

3. We did not alter the sde schema privilege, but if I add PUBLIC to the feature class, then the editor user can see the feature class. 

4. What is the best practice for the PUBLIC schema?

Thanks in advance!

Siyu

Tags (2)
0 Kudos
1 Reply
Asrujit_SenGupta
MVP Regular Contributor

1. There is a schema "geodata" referred in the instruction, but clearly it is not a built-in schema and I could not find what it refers to. Could someone clarify it for me?

It was just an example. It is not a built-in schema.

2. Instead of granting "geodata", we continued with granting "sde" to the user. However, the new editor user could not see the feature class after the feature class has been granted privileges through Manage->Privilege. 

What do you mean by: we continued with granting "sde" to the user. 

Check this link for privileges required to be granted to a user: Privileges for geodatabases in PostgreSQL—Help | ArcGIS Desktop 

Data editor

Data editors require the same privileges as data viewers plus these additional privileges.

SELECT, INSERT, UPDATE, and DELETE on other users' datasets

When you use ArcGIS to grant the SELECT, INSERT, UPDATE, and DELETE privileges on a versioned feature class or table, those privileges are automatically granted on the associated versioned view. These privileges are required for the user to edit through versioned views.

Data owners must grant editors the privileges required to edit. Data owners can grant any combination of these privileges to editors.

So basically, just connect as Data Owners in ArcCatalog and grant privileges on required data to the users.