I want to accomplish the following:
- create a group in AGOL
- add a new user to this group (only member of this new group)
- only allow this user to view (or edit depending on data I share) to items that are shared with the group
- do not allow this user to view/edit any other items ion the Organization (excluding public view able data)
the issue I am having: once I add this new user to my organization, I add them to the new group and share items with the group respectively. HOWEVER, the new user will also be allowed to view other items in the Organization (even if the items are not publicly view able).
How can I set properties/create group to only allow a user to view items that are shared with that group
Solved! Go to Solution.
Create a custom role (you can use viewer as the template) and remove the ability to "view groups shared with the organization". Without this privilege they will only be able to see groups they are a member of.
You probably also want to uncheck "view content shared with the organization", That way content outside of groups that has been shared with the organization is also inaccessible to them.
Depending on your scenario you could also consider unchecking "view" under members. This means they won't be able to see the list of members in your organization on the organization page.
Create a custom role (you can use viewer as the template) and remove the ability to "view groups shared with the organization". Without this privilege they will only be able to see groups they are a member of.
You probably also want to uncheck "view content shared with the organization", That way content outside of groups that has been shared with the organization is also inaccessible to them.
Depending on your scenario you could also consider unchecking "view" under members. This means they won't be able to see the list of members in your organization on the organization page.
thank you KCullen-esristaff for the great response! this is exactly what I was looking for!
I can not find the settings mentioned here in the latest AGOL release. Is there any way to disable the View permissions mentioned here for a role?
This is exactly what I was looking for too. Thanks Katie!!
However, when I apply the changes as stated above, the user can still go to Content > My Organization and view content that is not shared with their group. I only want them to view content shared with the group. Any thoughts on how I can resolve this?
Did you also uncheck "view content shared with the organization"? If you want you can share a screen shot of how you configured your custom role.
Yes, below is a screenshot. It is not showing all of the organization's content, only a few random maps and layers. I am not seeing a reason why these are view able, but the other content is not.
Is the content they can see shared publicly? The user will still be able to see public content.
Yes, it was shared publicly. That was why. Thanks for the help!
Hello, thank you for this discussion. I am experiencing the same issue as Jake but I DO NOT want members within certain groups to be able to even view publicly shared content. I want them to be editors within their own group but not for other layers outside of their group. I have to keep certain layers within the whole organization public because they are shared on our website for the community to use, but I don't want others to be able to edit them. Does this make sense? Is there a work-a-round for that?