Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Cancel
- Home
- :
- About JohnMDye
JohnMDye
Regular Contributor
since
05-02-2018
2 weeks ago
253
Posts created
376
Kudos given
1
Solutions
429
Kudos received
My Ideas
(56 Idea Submissions)Latest Contributions by JohnMDye
|
IDEA
|
@Chris_Counsell bit of a bad take. The privilege to manage another user's content is an administrative privilege and allows them to not manage just the one content item you intend, but any other user's content. It's asking for trouble. It's a solution that shouldn't be offered up lightly. Using a shared account is only a slightly better approach, but is still playing incredibly fast and loose with security. An even bigger challenge with both this suggestion and the previous is that when you grant any administrative privilege to a user, you end up exposing every single service in the organization to that user because I guess Portal now considers them a semi-administrator. It's kind of bananas. Shared Accounts are almost never a good idea, regardless of data sensitivity or classification. To maintain security, one should use a centralized group that several users can contribute curated content to. Shared Update Groups are by far the best suggestion here but they have their limitations. For one, if an item could have multiple owners then decommissioning a user account that was being removed from the organization would be far easier as you wouldn't run into as many issues with having to find a new owner for the departing user's content before you removed them. It is a real headache for org admins. Props to @DamianSmith for having the foresight to see that coming if/when he leaves his org and bringing it up now to save his org admin some grief.
... View more
2 weeks ago
|
0
|
0
|
99
|
|
IDEA
|
What Esri doesn't seem to understand is that there is zero reason to license by named user at all for Enterprise/Server. Just license by individual core. That is it. Scaling the platform to maintain performance and reliability will automatically increase licensing costs proportionally. Who cares if I have 10,000 named users if I only ever have 100 concurrent connections? That's what matters and what should drive cost - actual usage. The Named User Licensing scheme coupled with the inability to license less than 4 cores cause 98% of licensing complexities and inefficiencies that lead to customer frustration.
... View more
2 weeks ago
|
0
|
0
|
20
|
|
IDEA
|
@NicEverdell I don't have any issue with an "Expiration" configuration setting that an Admin could set to 'Session', indicating that the User Acceptance is presented again with every new session and logged each time. That said, whether or not you need this message to be presented with every session is entirely dependent on the message being presented. Let's step outside of the box of highly regulated industries for a moment and think about those who are not - as we all must do when thinking about how Esri technology should be implemented given that it is used in every industry imaginable. What if you just wanted to use the Access Notice capability as a way to present the Terms of Service and require acceptance? Do you really want to present the ToS with every session? Probably not, that would get annoying very quickly. What if you just wanted to use the Access Notice capability to present a code of conduct? Or maybe a privacy notice? What if you just wanted users to acknowledge that there is a maintenance window coming on MM/DD/YYYY from HH:MM:SS to HH:MM:SS and the platform will be unavailable, or maybe in Read Only mode during that time? Could you use a banner as a more passive way to present this information Sure! But you what if you want logging behind the acceptance. That would be a new thing for a banner to do, but not a modal dialog. Ultimately, I don't think we're on different wavelengths. I'm just asking for logging of acceptance and configurable Expiration setting.
... View more
11-20-2020
10:33 AM
|
0
|
0
|
169
|
|
IDEA
|
ArcGIS Enterprise 10.8.1 introduced the Access Notice, which is a great and fantastic capability for ensuring user's are informed of really important items. While the feature is very useful, it would be more useful with a couple of additional configuration options for logging user acceptance and expiration. Logging options: For heavily regulated industries, this capability could be used to require acceptance or acknowledgement of risks, data sensitivity, limitations and all sorts of other things. Half of the point of doing that is to ensure the user is informed and understands the issue. The other half of it is giving the administrator an audit trail to demonstrate that the user accepted or acknowledged, and it is this second half that is missing. It would be nice when configuring the access notice, to be able to configure it to keep a log - perhaps in a hosted table service - to keep track and have an auditable trail indicating which users have accepted/acknowledged and when. It's the simplest feature service with editor tracking enabled. Obviously however, this wouldn't work for Portal's with anonymous access enabled and I think that's fine as someone without an account is unlikely to need to be audited in the first place. Its typically the authenticated users that you need to track in this way. Expiration Currently, the acceptance just writes to a cookie, which is configured to expire with the browser session. That means that if a user visits your Portal 5 times in the same day using 5 different browser sessions, they will have to acknowledge/accept 5 different times. That doesn't seem logical. We really only need them to acknowledge/accept once every n-days. So I'd offer that there needs to be a configuration option here to allow us to set the expiration to a value that meets our organizational requirements. These two combined together would make for much more useful Access Notice capability.
... View more
11-16-2020
11:19 AM
|
1
|
2
|
208
|
|
IDEA
|
It would also be nice if such a config were shareable with others. IE. Import/Export ArcToolbox configuration. Pro reads the config on init, implements it and the user can make changes from there, which will apply edits to the config file. Share that config file with others, they import it and round and round we go.
... View more
11-16-2020
08:51 AM
|
0
|
0
|
271
|
|
IDEA
|
Hi @CalvinLietz , thanks for the response. I suppose ultimately I am actually talking about an improvement to Enteprrise Groups. There is one main thing preventing me from leveraging them in the way I want (or perhaps I just don't know how?) As far as I know, currently you can link an Portal Group to an AD Group, but you have to create that Portal Group manually and specify the group it should link to. This is a good feature for long-running projects or projects with large numbers of users, but it doesn't serve the need of grouping colleagues together well because no one is going to manually create that many groups and link them to the appropriate AD groups. I want the Portal, when a user account is added to automatically figure out which organizational unit belongs to based on the AD Metadata I provide it, and automatically put that user into a Portal group with that Organizational Unit ID/Name or whatever AD Meta I provide it. If a group does not already exist, then the Portal should create that group. Existing users should also be joined to their respective Organizational Groups as determined by AD. This would allow end users to more easily share content with their sibling teams and customers. Rather than having to create a special group for their customers and actively manage it, they could just share it with the organizational groups they know those individuals belong to.
... View more
11-13-2020
06:28 AM
|
0
|
0
|
165
|
|
IDEA
|
Administrative Groups are new to ArcGIS Online with the June 2019 Update and they seem pretty useful. Eventually, they will make their way to ArcGIS Enterprise and they will be useful there as well. There is one feature they have however, that limits their usefulness within ArcGIS Enterprise: "Administrative groups offer an additional level of control for organizations because they prevent members from leaving the group unless they’re removed by a group owner or manager." - https://www.esri.com/arcgis-blog/products/arcgis-online/administration/getting-to-know-administrative-groups-in-arcgis-online/ Dang. Group Owners and Group Managers can remove someone from an Administrative Group? So close, but this is not the type of group I'm looking for. I need an Administrative Group that is linked to Active Directory, wherein: Membership is controlled by Active Directory Group Owners and Group Managers are unable to remove someone from the group Accounts are automatically created for new users added to a group if one does not exist for them already What possible use could this have? How about self-managing groups based on Organizational structures?! Most Enterprises use Active Directory (AD). There is a method to the madness of AD. In most cases, the methodology is pretty simple. AD Users are organized into Units, Groups, Departments or something along those lines. With the above in place, an Administrator could: Create a new group in their Portal, let's call it the "Board of Directors" group. Set a person, let's say the "Chairman of the Board" whoever that person is, as the Group Owner Link the "Board of Directors" group to their AD group When this happens, Portal would read the AD group and create accounts for any users in the AD group that did not already exist in the Portal, and add them to the "Board of Directors" group - which would be an "Administrative Group" that they could not leave without leaving the linked AD Group, which in most cases would probably mean the departing user is no longer on the Board of Directors. When the user departs the linked AD group, they go back into the general pool of users or, if they are moved to a different AD linked Administrative Group, poof they get sucked into that Group. I call it, "Organizational Groups" because its based on Organizational Structure. Let's see this in ArcGIS 10.10 /11 whatever comes after 10.9
... View more
11-12-2020
12:29 PM
|
0
|
2
|
192
|
|
IDEA
|
Same story here. Puppet is the Enterprise Standard for us. We have an exception that allows us to use Chef but it would be nice to be able to use Puppet.
... View more
11-12-2020
09:29 AM
|
0
|
0
|
144
|
Activity Feed
- Got a Kudo for Allow Python Notebooks subscribe to Enterprise Webhook Events. Sunday
- Got a Kudo for Re: Survey123 Tricks of the Trade: Web form URL parameters. 2 weeks ago
- Posted Re: Ability to add an additional owner to web feature layer on ArcGIS Online Ideas. 2 weeks ago
- Kudoed Ability to add an additional owner to web feature layer for DamianSmith. 2 weeks ago
- Kudoed ArcGIS Server Manager Should have ability to schedule GPServers for SimonMorgan. 2 weeks ago
- Posted Re: Create a 4x Webapp builder on ArcGIS Web AppBuilder Ideas. 2 weeks ago
- Posted Re: Poor licensing forces poor hardware architecture on ArcGIS Enterprise Ideas. 2 weeks ago
- Kudoed Arcgis servers should respect portal security for JeffTimm. 2 weeks ago
- Got a Kudo for Attribute Rules should be enforced at the Database level. 11-25-2020 03:45 PM
- Got a Kudo for Add an HTML Email Builder for Emails sent from Portal. 11-23-2020 08:18 AM
- Posted Re: Access Notice Logging and Expiration Configuration on ArcGIS Enterprise Ideas. 11-20-2020 10:33 AM
- Got a Kudo for Control User Roles through AD Groups. 11-20-2020 09:16 AM
- Got a Kudo for Access Notice Logging and Expiration Configuration. 11-19-2020 03:41 PM
- Posted Access Notice Logging and Expiration Configuration on ArcGIS Enterprise Ideas. 11-16-2020 11:19 AM
- Posted Re: Enable ArcToolbox customization on ArcGIS Pro Ideas. 11-16-2020 08:51 AM
- Kudoed Enable ArcToolbox customization for DanPatterson. 11-16-2020 08:49 AM
- Posted Re: Organizational Groups on ArcGIS Enterprise Ideas. 11-13-2020 06:28 AM
- Got a Kudo for Re: Welcome to the New GeoNet (Esri) Community!. 11-12-2020 04:57 PM
- Posted Re: Allow us to customize ArcGIS Online Item Buttons on Developers Ideas. 11-12-2020 12:52 PM
- Got a Kudo for Re: Welcome to the New GeoNet (Esri) Community!. 11-12-2020 12:44 PM
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
2 weeks ago
|