Community
Select to view content in your preferred language

Data user can create data in the geodatabase

650
2
Jump to solution
01-18-2023 08:53 AM
Labels (1)
Labels
ErikaJimenez_Rivera1
by
Emerging Contributor
‎01-18-2023 08:53 AM

According to the theory, "most gdb users are data users who read and edit datasets but do not create or manage them." However, when we create a data user or data owner there is not really a difference, meaning we use the same tool "Create database user". The problem is that a data user has the capacity of creating data in the geodatabase even thought this user should not. So, the question is: is there a way to restrict the data user so this user cannot create new data  (feature classes, tables, etc.) in the geodatabase? 

I have been looking the gp tools, and have not found a parameter that does this...

 

0 Kudos
1 Solution

Accepted Solutions
MarceloMarques
by Esri Regular Contributor
Esri Regular Contributor
‎01-18-2023 09:40 AM

Hello @ErikaJimenez_Rivera1 

You can find how to create an editor and viewer user in my database guide books in the link below.

community.esri.com - Mapping and Charting Solutions (MCS) Enterprise Databases Best Practices

Read the "Production Mapping" guide book series in the link above.

The editor user will have "select, insert, update, delete" on the tables of the data owner user, and the viewer user will have "select" on the tables of the data owner user.

This configuration is known for over 25 years, since the enterprise geodatabase was first released back in 1998.

The guide books are just the start point for best practices, you can download my database template scripts in the same link above, the templates have a lot more best practices. 

Also, please read the "database connections best practices" in the link below as well.

community.esri.com - Database Connections Best Practices

Notes:

  • the editor / viewer users will not be able to create featureclasses or tables.
  • but the editor / viewer users will still be able to create geodatabase domains and geodatabase featuredatasets, this is known for many years, and there already is an enhancement request "ENH-000152620" asking to change that.
  • the editor / viewer user shall still be able to create geodatabase versions, this is an expected behavior, but even that would be a nice enhancement so the geodatabase administrator could control that level of permission as well, there is no enhancement request to change that though.

I hope this helps.

| Marcelo Marques | Esri Principal Product Engineer | Cloud & Database Administrator | OCP - Oracle Certified Professional | "In 1992, I embarked on my journey with Esri Technology, and since 1997, I have been working with ArcSDE Geodatabases, right from its initial release. Over the past 32 years, my passion for GIS has only grown stronger." | “ I do not fear computers. I fear the lack of them." Isaac Isimov |

View solution in original post

2 Replies
MarlonAmaya
by Esri Contributor
Esri Contributor
‎01-18-2023 09:05 AM

Hi @ErikaJimenez_Rivera1 

When creating a user using the "Create Database User" GP tool, this will inherently give the new user the ability to create their own data in their own schema. This is expected behavior. You would need to use the database backend to remove certain permissions that will not allow this new user the ability to create data.

Another option, which is best, in most cases is the following:

  • Create the new user on the backend 
  • Using the "data owner" database connection in Pro/ArcMap, give the permissions to the user as you would like (i.e. SELECT,INSERT, ect)
  • There is no GP tool that will create a new user with only edit/view permissions.

https://desktop.arcgis.com/en/arcmap/latest/manage-data/databases/privileges-db-sqlserver.htm

 

Marlon

MarceloMarques
by Esri Regular Contributor
Esri Regular Contributor
‎01-18-2023 09:40 AM

Hello @ErikaJimenez_Rivera1 

You can find how to create an editor and viewer user in my database guide books in the link below.

community.esri.com - Mapping and Charting Solutions (MCS) Enterprise Databases Best Practices

Read the "Production Mapping" guide book series in the link above.

The editor user will have "select, insert, update, delete" on the tables of the data owner user, and the viewer user will have "select" on the tables of the data owner user.

This configuration is known for over 25 years, since the enterprise geodatabase was first released back in 1998.

The guide books are just the start point for best practices, you can download my database template scripts in the same link above, the templates have a lot more best practices. 

Also, please read the "database connections best practices" in the link below as well.

community.esri.com - Database Connections Best Practices

Notes:

  • the editor / viewer users will not be able to create featureclasses or tables.
  • but the editor / viewer users will still be able to create geodatabase domains and geodatabase featuredatasets, this is known for many years, and there already is an enhancement request "ENH-000152620" asking to change that.
  • the editor / viewer user shall still be able to create geodatabase versions, this is an expected behavior, but even that would be a nice enhancement so the geodatabase administrator could control that level of permission as well, there is no enhancement request to change that though.

I hope this helps.

| Marcelo Marques | Esri Principal Product Engineer | Cloud & Database Administrator | OCP - Oracle Certified Professional | "In 1992, I embarked on my journey with Esri Technology, and since 1997, I have been working with ArcSDE Geodatabases, right from its initial release. Over the past 32 years, my passion for GIS has only grown stronger." | “ I do not fear computers. I fear the lack of them." Isaac Isimov |