I've just gone through saying no for the third time to a user who maintains a third party application that ingests an ArcGIS Server service. What did I say no to? I said no to giving them Publisher rights. Why did I say no? Because a publisher can modify any service in any folder, ie they can pretty much do everything. So if I have 10 separate applications that ingest a service each publisher would be able to modify any of the services and therefore potentially cause issues for other applications and their users.
I'm not a control freak. I consider myself very trusting, but IT security policy also applies within GIS. It's not just about accountability or blame it's about persistence, service stability, uptime and education. I've gone to ArcGIS ideas and 'Promoted' a previous idea for increased granular security in ArcGIS Server. I'd request that if you consider this to be useful to your organization, now or in the future, to go to the idea and also promote it. Go to http://ideas.arcgis.com/apex/ideaSearchResults?s=granular+security
Regardless, I'd like to hear your ideas. Possibly you have a work around for me. I know we could set up a separate instance of ArcGIS Server for each application - not viable. We could also set up a test instance - additional administration requirements but more feasible. And, I've heard that you can ingest map services from ArcGIS Online so the maps could be published to ArcGIS Online and then ingested back into the application - not a bad idea but we're not using ArcGIS Online in an enterprise sense yet and I've been advised that ArcGIS Online can require a great deal of effort to administer; plus, can edits to the original database occur through an ArcGIS Online map service?
Looking forward to your thoughts!