Is it possible to prevent feature services from being shared outside of the host ArcGIS Enterprise?

994
7
Jump to solution
03-15-2023 08:06 AM
RyanUthoff
Occasional Contributor III

In ArcGIS Enterprise, I am wondering if it is possible to prevent feature services from being used outside of the host ArcGIS Enterprise environment?

For example, I publish a feature service to our ArcGIS Enterprise environment. What I am wondering is if it is possible to prevent them from taking the feature service REST endpoint URL and putting it in completely different ArcGIS Enterprise/AGOL environment? Since users have access to that REST endpoint URL, they can theoretically add it to any environment they want to as long as they have permission to access it on the host ArcGIS Enterprise environment. I was wondering if we could prevent that from happening in any way?

I know there is the extreme solution of making ArcGIS Enterprise VPN access only, but didn't know if there was anything else we could do.

1 Solution

Accepted Solutions
Richard_Purkis
Esri Contributor

Hi @RyanUthoff 

I believe the solution you are looking for is to set limit usage on the secure services. This means that services will only be able to used in urls that you define such as your maps / apps. More information available here: 

Hope this helps

View solution in original post

7 Replies
berniejconnors
Occasional Contributor III

Ryan,

        I beleive the answer here is Portal.  Publish the feature service in Portal then only the named users with access to the feature service in Portal can have access.  But they will still be able to consume the feature service in multiple ways with different apps.  I don't use Portal so I am really speaking off the cuff.

Bernie.

0 Kudos
RyanUthoff
Occasional Contributor III

Right, but the named users with access can add it to other Portals/AGOL if they wanted to, which is what I would like to prevent. They can add it to any Portal/AGOL as long as they authenticate it against the host Portal when they add it.

0 Kudos
Richard_Purkis
Esri Contributor

Hi @RyanUthoff 

I believe the solution you are looking for is to set limit usage on the secure services. This means that services will only be able to used in urls that you define such as your maps / apps. More information available here: 

Hope this helps

YanfenLe
New Contributor III

Thanks Richard for sharing that this can now be done at item level at recent releases!

0 Kudos
RyanUthoff
Occasional Contributor III

Hmm, that looks really promising. Except, it doesn't seem to apply to feature services published directly to Portal. Only ones that you manually add through a URL.

I just published a test feature service to our 10.9.1 Portal and did NOT share it (like the instructions say). When I go into the feature service settings, there is no limit usage settings.

However, if I add a feature service REST URL from our other Portal, the Limit Usage section is there.

0 Kudos
Richard_Purkis
Esri Contributor

Hi @RyanUthoff

I believe this is expected as it only applies to secure ArcGIS Server services. If you add the url from the ArcGIS Server rest end point into Portal as a content item and opt to store credentials you will have the option to apply limit usage to the layer

Hope this helps

0 Kudos
YanfenLe
New Contributor III

Have you tried the "Allowed Origin" under Portal > Setting > Security?

0 Kudos