I have two types of users in my ArcGIS server user base; mappers and editors. As you can imagine only editors can view and edit the FeatureLayers. I see a strange behavior, though. When prompted for login at a site with secured services, a mapper can enter his/her credentials, without any problems at the login screen. Mapper user won't be able to see the featurelayers, but the server won't generate any errors either.
So I thought I could manually create an alert or something, based on the successful / failed authorization. For that, I looked at what IdentityManager generates for the mapper vs editor users. The results look identical. For both of them, findCredential method (with userId and secured service URL as parameters) return this credential object:
- resources:["some service"]
- server:"some server"
First, how come the server generates a token with validity for a mapper user, while that user can't view that resource?
Secondly, how can I programmatically tell if a user has or doesn't have access to some resource?