Allow user to only view items shared with their Group

4243
11
Jump to solution
02-13-2018 10:13 AM
Lake_Worth_BeachAdmin
Occasional Contributor III

I want to accomplish the following:

- create a group in AGOL

- add a new user to this group (only member of this new group)

- only allow this user to view (or edit depending on data I share) to items that are shared with the group

- do not allow this user to view/edit any other items ion the Organization  (excluding public view able data)

the issue I am having: once I add this new user to my organization, I add them to the new group and share items with the group respectively. HOWEVER, the new user will also be allowed to view other items in the Organization (even if the items are not publicly view able).

How can I set properties/create group to only allow a user to view items that are shared with that group

1 Solution

Accepted Solutions
by Anonymous User
Not applicable

Create a custom role (you can use viewer as the template) and remove the ability to "view groups shared with the organization". Without this privilege they will only be able to see groups they are a member of. 

 

You probably also want to uncheck "view content shared with the organization", That way content outside of groups that has been shared with the organization is also inaccessible to them.

 

Depending on your scenario you could also consider unchecking "view" under members. This means they won't be able to see the list of members in your organization on the organization page.

 

View solution in original post

11 Replies
by Anonymous User
Not applicable

Create a custom role (you can use viewer as the template) and remove the ability to "view groups shared with the organization". Without this privilege they will only be able to see groups they are a member of. 

 

You probably also want to uncheck "view content shared with the organization", That way content outside of groups that has been shared with the organization is also inaccessible to them.

 

Depending on your scenario you could also consider unchecking "view" under members. This means they won't be able to see the list of members in your organization on the organization page.

 

Lake_Worth_BeachAdmin
Occasional Contributor III

thank you KCullen-esristaff‌ for the great response! this is exactly what I was looking for!

0 Kudos
SimonSchütte_ct
Occasional Contributor III

I can not find the settings mentioned here in the latest AGOL release. Is there any way to disable the View permissions mentioned here for a role?

0 Kudos
by Anonymous User
Not applicable

This is exactly what I was looking for too. Thanks Katie!!

However, when I apply the changes as stated above, the user can still go to Content > My Organization and view content that is not shared with their group. I only want them to view content shared with the group. Any thoughts on how I can resolve this?

0 Kudos
by Anonymous User
Not applicable

Did you also uncheck "view content shared with the organization"? If you want you can share a screen shot of how you configured your custom role.

0 Kudos
by Anonymous User
Not applicable

Yes, below is a screenshot. It is not showing all of the organization's content, only a few random maps and layers. I am not seeing a reason why these are view able, but the other content is not.

0 Kudos
by Anonymous User
Not applicable

Is the content they can see shared publicly? The user will still be able to see public content.

0 Kudos
by Anonymous User
Not applicable

Yes, it was shared publicly. That was why. Thanks for the help!

JacobMcCoy1
New Contributor II

Hello, thank you for this discussion. I am experiencing the same issue as Jake but I DO NOT want members within certain groups to be able to even view publicly shared content. I want them to be editors within their own group but not for other layers outside of their group. I have to keep certain layers within the whole organization public because they are shared on our website for the community to use, but I don't want others to be able to edit them. Does this make sense? Is there a work-a-round for that?

0 Kudos