Privileges are ticked all together,

JamalNUMAN · ‎01-31-2013

Privileges are ticked all together,

While assigning privileges for user on a particular feature class, the privileges are ticked all together and the system doesn???t give the chance to tick the ones we need

[ATTACH=CONFIG]21267[/ATTACH], [ATTACH=CONFIG]21270[/ATTACH], [ATTACH=CONFIG]21273[/ATTACH], [ATTACH=CONFIG]21274[/ATTACH]

What might be the issue? How I can tick the one I need without ticking the others? Is this a bug?

Thank you

Best

Jamal

----------------------------------------
Jamal Numan
Geomolg Geoportal for Spatial Information
Ramallah, West Bank, Palestine

MarcoBoeringa · ‎02-03-2013

My sde is 10.1, nevertheless, this option (to grant separate permissions) is not valid. These three permissions (insert/update/delete) are granted automatically together as one of them is ticked

What might be the issue?

Jamal, there is no issue. This behaviour is required for supporting the versioned long transaction workflow, where different "versions" of the same features can co-exist in the RDBMS for an indefinite amount of time. The INSERT/UPDATE/DELETE rights need to be coupled for that as records are not being locked during editing. Instead new records are being added to the Adds and Deletes delta tables coupled with a certain "database state". This is different from a short transaction RDBMS editing environment where specific records in the database are completely locked, in which case INSERT/UPDATE/DELETE rights can be separate entities.

As Melita wrote:

Hi Jamal,

This has been discussed on the forums quite often. If a user is going to have editing permission, he must have the ability to add and delete data. That's actually what happens--the existing feature is deleted and the updated feature is added to the database. I looked at the 10.1 help which you should review, but I think this 9.3 help mentions the add/delete/update privileges.

Melita

More clearly, see this text from the this ArcGIS Help page:

"If the dataset is not versioned, you can grant and revoke the update, insert, and delete privileges individually. For example, you can grant a user select and update privileges, which allows the user to connect to the dataset and alter existing features but does not allow the user to add new features or delete existing features.

If the dataset is registered as versioned, the privileges that allow a user to modify a dataset (update, insert, and delete) must be granted and revoked as a group."

View solution in original post

Anonymous User · ‎01-31-2013

Original User: mkennedy

Hi Jamal,

This has been discussed on the forums quite often. If a user is going to have editing permission, he must have the ability to add and delete data. That's actually what happens--the existing feature is deleted and the updated feature is added to the database. I looked at the 10.1 help which you should review, but I think this 9.3 help mentions the add/delete/update privileges.

Melita

AsrujitSengupta · ‎01-31-2013

Jamal,

I am assuming that you are using a sde 10.0 geodatabase or one prior to that, because in a sde 10.1 geodatabase we can separately grant Insert, Update or Delete privileges. From the images, it shows that you are using ArcGIS Desktop 10.1 but the version of the sde geodatabase will still matter.

Still just FYI, you can grant Insert, Update or Delete separately from 10.1 onwards. Here is a snap showing that:
[ATTACH=CONFIG]21277[/ATTACH]

Hope this helps.

Regards,

Anonymous User · ‎02-01-2013

Original User: Jamal432@gmail.com

Jamal,

I am assuming that you are using a sde 10.0 geodatabase or one prior to that, because in a sde 10.1 geodatabase we can separately grant Insert, Update or Delete privileges. From the images, it shows that you are using ArcGIS Desktop 10.1 but the version of the sde geodatabase will still matter.

Still just FYI, you can grant Insert, Update or Delete separately from 10.1 onwards. Here is a snap showing that:
[ATTACH=CONFIG]21277[/ATTACH]

Hope this helps.

Regards,

Thank you Melita and Asrujit for the help,

1. Sure, those users are aimed to be granted permissions on a versioned environment (�??move edits to base�?� or �??NON-move edits to base�?� options)

2. Can users be granted separate permissions (select/insert/update/delete) in the versioned environment in ArcGIS 10.1 (which I use)?

Best

Jamal

AsrujitSengupta · ‎02-01-2013

Yes, users can grant separate permissions in 10.1, just that the sde geodatabase should be 10.1 too.

Regards,

Anonymous User · ‎02-01-2013

Original User: Jamal432@gmail.com

Yes, users can grant separate permissions in 10.1, just that the sde geodatabase should be 10.1 too.

Regards,

Many thanks Asrujit for the prompt answer.

My sde is 10.1, nevertheless, this option (to grant separate permissions) is not valid. These three permissions (insert/update/delete) are granted automatically together as one of them is ticked

[ATTACH=CONFIG]21358[/ATTACH]

What might be the issue?

Best

Jamal

MarcoBoeringa · ‎02-03-2013

My sde is 10.1, nevertheless, this option (to grant separate permissions) is not valid. These three permissions (insert/update/delete) are granted automatically together as one of them is ticked

What might be the issue?

Jamal, there is no issue. This behaviour is required for supporting the versioned long transaction workflow, where different "versions" of the same features can co-exist in the RDBMS for an indefinite amount of time. The INSERT/UPDATE/DELETE rights need to be coupled for that as records are not being locked during editing. Instead new records are being added to the Adds and Deletes delta tables coupled with a certain "database state". This is different from a short transaction RDBMS editing environment where specific records in the database are completely locked, in which case INSERT/UPDATE/DELETE rights can be separate entities.

As Melita wrote:

Hi Jamal,

This has been discussed on the forums quite often. If a user is going to have editing permission, he must have the ability to add and delete data. That's actually what happens--the existing feature is deleted and the updated feature is added to the database. I looked at the 10.1 help which you should review, but I think this 9.3 help mentions the add/delete/update privileges.

Melita

More clearly, see this text from the this ArcGIS Help page:

"If the dataset is not versioned, you can grant and revoke the update, insert, and delete privileges individually. For example, you can grant a user select and update privileges, which allows the user to connect to the dataset and alter existing features but does not allow the user to add new features or delete existing features.

If the dataset is registered as versioned, the privileges that allow a user to modify a dataset (update, insert, and delete) must be granted and revoked as a group."

Anonymous User · ‎02-03-2013

Original User: Jamal432@gmail.com

Jamal, there is no issue. This behaviour is required for supporting the versioned long transaction workflow, where different "versions" of the same features can co-exist in the RDBMS for an indefinite amount of time. The INSERT/UPDATE/DELETE rights need to be coupled for that as records are not being locked during editing. Instead new records are being added to the Adds and Deletes delta tables coupled with a certain "database state". This is different from a short transaction RDBMS editing environment where specific records in the database are completely locked, in which case INSERT/UPDATE/DELETE rights can be separate entities.

As Melita wrote:

More clearly, see this text from the this ArcGIS Help page:

"If the dataset is not versioned, you can grant and revoke the update, insert, and delete privileges individually. For example, you can grant a user select and update privileges, which allows the user to connect to the dataset and alter existing features but does not allow the user to add new features or delete existing features.

If the dataset is registered as versioned, the privileges that allow a user to modify a dataset (update, insert, and delete) must be granted and revoked as a group."

Many thanks Marco for the very useful answer. This is precisely what I wanted to know

Very much appreciated

Jamal