Missing layers in ArcCatalog in 10.5.1 related to 'VIEW PERMISSIONS'

Discussion created by micsbjc on Oct 4, 2017
Latest reply on Oct 5, 2017 by mvolz47

If you are using ArcEditor/ArcMap in 10.5.1 and you are cannot see some layers then read on..

We run multiple SQL 2016 Instances and multiple databases within instances.

Our Enterprise Geodatabase resides within this environment

We do not define individual users to the Instance or the database, all access is defined via AD groups.

The users are members of AD groups

The AD groups are defined to the Instance

The AD groups are granted membership of SQL roles within the Instance and the database

We use ArCatalog to grant the SQL roles to individual layers

When we started migrating to ArcCatalog 10.5.1 (from 10.2.1) we noticed that some users could no longer see certain layers within ArcCatalog

We tracked it down to these users belonging to groups that granted ‘VIEW PERMISSIONS’ at the Instance level.

Removing ‘VIEW PERMISSIONS’ allowed them to see the correct results in ArcCatalog.

So our ‘fix’ was to remove ‘VIEW PERMISSIONS’. However the ‘proper’ fix would be to identify why granting additional access (which is what ‘GRANT PERMSSIONS’ does in a normal SQL environment) resulted in a reduction in access in ArcCatalog

Has anyone else seen this issue? If so, what action did you take?