Hi there,
I am trying to work out whether there is a way to set Global permissions for viewer and editor roles so that they cannot create new data in the database.
Some context:
I am on v10.1, using an ArcSDE database with SQL Server 2008 R2 back-end.
I have set up 3 roles (Viewer, Editor and Creator) through ArcCatalog, and have also set up some users that I have assigned to these roles (one account that is used to create data, a few editor accounts, and as many viewer accounts as are required).
Having created a Feature Dataset with the 'Creator' account, and set the permissions on the dataset appropriately, I have verified that neither the editor account or the viewer accounts can delete or add data to the feature dataset - All good so far!
However, I discovered that both the viewer and editor accounts ARE able to create their own data in the root of the geodatabase, and then do whatever they want with that data. Not really what I want!!
I have also tried using SQL Server Management Studio to limit permissions on the roles, but to no avail.
Any ideas?
Thanks and kind regards,
Ben