AnsweredAssumed Answered

What message does IdentityManager provide for insufficient access?

Question asked by ndilekli on Aug 14, 2017
Latest reply on Aug 15, 2017 by TSolow-esristaff

I have two types of users in my ArcGIS server user base; mappers and editors. As you can imagine only editors can view and edit the FeatureLayers. I see a strange behavior, though. When prompted for login at a site with secured services, a mapper can enter his/her credentials, without any problems at the login screen. Mapper user won't be able to see the featurelayers, but the server won't generate any errors either.

 

So I thought I could manually create an alert or something, based on the successful / failed authorization. For that, I looked at what IdentityManager generates for the mapper vs editor users. The results look identical. For both of them, findCredential method (with userId and secured service URL as parameters) return this credential object:

  1. creationTime:1502747512054
  2. expires:1502751112194
  3. isAdmin:undefined
  4. resources:["some service"]
  5. scope:"server"
  6. server:"some server"
  7. ssl:false
  8. token:"IcXTutjVEYmbP7LuYKqmO-wDyUx56vW5xjbN8LrENGo."
  9. userId:"someMapper/Editor"
  10. validity:60

 

First, how come the server generates a token with validity for a mapper user, while that user can't view that resource? 

 

Secondly, how can I programmatically tell if a user has or doesn't have access to some resource?

 

Thanks

Outcomes