Roles and Privileges in AGOL

Mike:

I am attempting to provide access for external clients to see a project map and data via Esri’s ArcGIS Online (AGOL).  We have AGOL maps with secure maps services from our on-premises ArcGIS for Server with ADFS/SAML enterprise user logins.  Our AGOL subscription has many internal staff and external client members in the “Organization”.  I have created a Role using the Viewer Template (Join organization groups, only) that is applied to external members setting them up with the most restrictive privileges.

Using the new Web AppBuilder for ArcGIS (WAB) in AGOL, I created and published a project WAB map app. Very nice, I like it.  I can share the project WAB map app URL to a user and no organizational info is exposed from within the map or data layers. However, if a user were to take the URL down to the root (://<name>.maps.arcrcgis .com) in a browser, they are able to access our AGOL web pages and see more organizational information than I am comfortable with, like all the names and email addresses of all our members (both staff and clients).  We need to provide more confidentiality than that.

Confidentiality and security are important to our clients and to us when delivering project web map applications.

I would like to be able to create a “Role” applied to external user members to allow access to see a WAB map application, but restrictive enough to not see organizational membership information.  Make the “My Organization” hyperlink not appear for a basic viewer role.

Does your client have their own subscription to arcgis online? If so, you can share privately to a group you are both members of. This is the recommended workflow. AGOL organizations are not really suited to consulting workflows, where people from outside the organization are brought in

However, I can see the the merits of your request. It also can apply when an organization invites a consultant into their organization for a project. I will write up the suggestion. No guarantees it will get implemented, however.

Thanks,

Mike

Mike:

Thank you for your consideration.

Our clients do not have their own subscription to AGOL nor do they have the staff to administrate and use AGOL.  That is what they hire us to do.

We used to deliver secure project web maps to our clients via ArcIMS and later with Web ADF .NET map applications.  We are "all in" with AGOL and thought that it could provide a new modern solution to deliver secure project web maps to external clients by adding them as Members of our AGOL organization.  Forgive me for being a bit surprised by your statement: "AGOL organizations are not really suited to consulting workflows, where people from outside the organization are brought in."  I think that a few minor adjustments afforded the administrator of an AGOL organization could make this perfect for uses that I have described in this thread.

Once again, thank you for you time and thoughts.

Sincerely,

Joe

Mike:

Another concept.

Within the User’s Profile, there is an option under “Who can see your profile?” to set the profile to Private.  The AGOL site administrator also has the rights to change this setting.

Making a profile “Private” does not exclude the profile member from appearing in the “My Organization” list.

How about:

A) setting a profile to Private also removes the member’s name from the My Organization list for complete anonymity.

or

B) add a new option under the member profile giving the site administrator rights to remove the member name from the My Organization list when viewed by others?

Thanks for listening.