Community
Select to view content in your preferred language

Restricting Editing in a Portal Web Application

964
2
Jump to solution
01-26-2018 06:04 AM
NikolasSchmidt
by
New Contributor III
‎01-26-2018 06:04 AM

My organization would like to have Applications that are available to view by all Users within our Portal, but have editing privileges for the Layer(s) available only to named Group(s) and/or named User(s). My plan to go about doing this is to create a custom Widget to incorporate into all such Applications through which the publisher can specify either named Group(s) and/or User(s), as well as the Layer(s) that can be edited through the Application.

I'm not very far along on this project, but I'd like to get some information before beginning:

  • Is this an effective solution to solving the problem?
  • Are there other existing solutions to this problem that would be easier to incorporate?
  • Would is be easier to create a wrapper widget that simply verifies that the current user is approved, then enables the out-of-the-box editor widget?
  • Any other advice or thoughts?

Thank you!

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
XanderBakker
by Esri Esteemed Contributor
Esri Esteemed Contributor
‎01-26-2018 08:21 AM

I think this is typically why Create hosted feature layer views—Portal for ArcGIS | ArcGIS Enterprise were implemented. Allowing to create views on a single hosted feature layer and assign different permissions on the views will should allow you to do this.

View solution in original post

2 Replies
JordanBaumgardner
by
Occasional Contributor III
‎01-26-2018 07:32 AM

If you have access to the ArcGis Servers a Server Object Interceptor (SOI) might work for you. We implemented a Feature Level security for a client. When the request for an edit/update/delete came in, we grabbed it, looked up the user to see if they had access to that feature, if so, we let the call go through, if not, we send back an error.

It's an entirely different toolset than your using on the client side.

A simpler option is to have two sets of Services, one for viewing and one for editing. Then lock the editable services down to just the groups you wish to have edit privileges. 

Another option is to set up a proxy - send your calls through the proxy, check security and pass or reject. Again, probably a different toolset than you might be used to. This solution also has the Client-Side only issues listed below.

Your current option is not a bad one either. But with a client-side only solution is that you still will have a back door. The widget might be disabled, but the rest endpoint would still be active and open. 

XanderBakker
by Esri Esteemed Contributor
Esri Esteemed Contributor
‎01-26-2018 08:21 AM

I think this is typically why Create hosted feature layer views—Portal for ArcGIS | ArcGIS Enterprise were implemented. Allowing to create views on a single hosted feature layer and assign different permissions on the views will should allow you to do this.