In ArcGIS Enterprise, privileges are a set of strings used to manage access to secure resources in ArcGIS. They are assigned to two types of entities:
- ArcGIS accounts used by ArcGIS users.
- Access tokens used by applications.
Privileges for accounts
All ArcGIS accounts have a list of privileges associated with them that determine the services, content, and operations the user is authorized to access.
Privileges for ArcGIS Enterprise accounts are managed through roles assigned to members by an organization administrator. To learn more, go to User types, roles, and privileges in the ArcGIS Enterprise documentation.
Privileges for access tokens
Access tokens have privileges associated with them that determine the services, content, and operations they are authorized to access. These access tokens are used by applications to access ArcGIS resources and perform operations using ArcGIS services.
The type of authentication used to obtain an access token determines how its privileges are managed. Generally, token privileges are managed through developer credentials, which allow specific privileges and item access to be set. With user authentication, access token privileges are not assigned manually; they are inherited from the privileges of the signed-in ArcGIS account.
Access tokens with specific privileges are supported in ArcGIS Location Platform, ArcGIS Online, and ArcGIS Enterprise. They are created using developer credentials configured for API key authentication or app authentication.
| Type of authentication | Type of developer credential | Privilege management |
|---|---|---|
| API key authentication | API key credentials | Privileges are assigned using developer credentials. |
| App authentication | OAuth 2.0 credentials (for app authentication) | Privileges are assigned using developer credentials. |
| User authentication | OAuth 2.0 credentials (for user authentication) | Privileges are inherited from the signed-in ArcGIS account. |
The exact list of privileges associated with a token can be obtained using a /self request.
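One way to use the /self response for a least-privilege review, as an added example that is not Esri's code: it compares the privileges a token actually carries with the set the application needs. The sample response, its privilege strings, the `user`/`appInfo` layout, and the `REQUIRED` and `SENSITIVE` policy sets are constructed assumptions.

```python
import json

# Constructed sample of a /self response body. The layout (a "privileges"
# array under "user" or "appInfo") is an assumption, not taken from the page.
SAMPLE_SELF = json.dumps({
    "appInfo": {
        "appId": "EXAMPLE_APP_ID",
        "privileges": [
            "portal:user:viewOrgItems",
            "portal:user:createItem",
            "portal:user:shareToPublic",
            "features:user:edit",
            "features:user:fullEdit",
        ],
    }
})

# Hypothetical policy: what this application is documented to need.
REQUIRED = {"portal:user:viewOrgItems", "features:user:edit"}
# Hypothetical set of privileges that should trigger a review when granted.
SENSITIVE = {"portal:user:shareToPublic", "features:user:fullEdit"}


def token_privileges(self_body):
    """Collect every privilege string found in a /self response body."""
    doc = json.loads(self_body)
    if "error" in doc:  # an invalid or expired token yields an error object
        raise ValueError(f"/self returned an error: {doc['error']}")
    found = set(doc.get("privileges") or [])
    for holder in ("user", "appInfo"):
        found.update((doc.get(holder) or {}).get("privileges") or [])
    return found


def audit(self_body, required, sensitive):
    """Report missing, excess and sensitive privileges, grouped by category."""
    granted = token_privileges(self_body)
    by_category = {}
    for priv in sorted(granted):
        by_category.setdefault(priv.split(":", 1)[0], []).append(priv)
    return {
        "missing": sorted(required - granted),
        "excess": sorted(granted - required),
        "sensitive": sorted(granted & sensitive),
        "by_category": by_category,
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_SELF, REQUIRED, SENSITIVE), indent=2))
```

Any entry under `excess` is a privilege to remove from the developer credentials, or from the member's role when the token comes from user authentication.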
List of privileges
The following table lists all privileges available for ArcGIS Enterprise by category. The actual privileges available to an ArcGIS Enterprise account vary based on the account's user type and roles.
| Category | Label | Privilege string | Description |
|---|---|---|---|
| Members | View | portal | Allow application to view members of the organization. |
| Groups | Create, update, and delete | portal | Allow application to create, edit, and delete their own groups. |
| Groups | Join organizational groups | portal | Allow application to join groups within your organization. |
| Groups | View groups shared with organization | portal | Allow application to view groups shared with the organization. |
| Groups | Add members from other organizations | portal | Allow application to create groups that allow members from other organizations, as well as invite external members to groups. |
| Content | Generate API keys | portal | Allow application to generate API keys. |
| Content | Assign privileges to OAuth 2.0 applications | portal | Allow application to assign privileges to OAuth 2.0 applications. |
| Content | Create, update, and delete | portal | Allow application to create, edit, and delete their own content. |
| Content | Publish hosted feature layers | portal | Allow application to publish hosted feature layers from shapefiles, CSVs, etc. |
| Content | Publish hosted tile layers | portal | Allow application to publish hosted tile layers from tile packages, features, etc. |
| Content | Publish hosted scene layers | portal | Allow application to publish hosted scene layers. |
| Content | Publish hosted tiled imagery layers | portal | Allow application to publish hosted tiled imagery layers from a single image or collection of images. Requires an ArcGIS Image for ArcGIS Online user type extension. |
| Content | Publish hosted dynamic imagery layers | portal | Allow application to publish hosted dynamic imagery layers from a single image or collection of images. |
| Content | View content shared with organization | portal | Allow application to view content shared to the organization. |
| Content | View location tracks | portal | Allow application to view members' location tracks via shared track views when location sharing is enabled. |
| Content | Reassign content | portal | Allow application to reassign ownership of content owned by the account to another member. |
| Content | Receive content | portal | Allow application to receive content assigned to them by another member. |
| Content | Publish livestream video | portal | Allow application to publish livestream videos. |
| Content | Publish real-time analytics | portal | Allow application to publish real-time analytics to analyze and process real-time data using ArcGIS Velocity. |
| Content | Publish server-based layers | portal | Allow application to publish server-based layers. |
| Content | Publish video | portal | Allow application to publish videos. |
| Content | Register data stores | portal | Allow application to register video stores. |
| Content | View hosted feature services | portal | Allow application to view hosted feature services. |
| Content | View hosted tile services | portal | Allow application to view hosted tile services. |
| Content | Categorize items | portal | Allow application to set the category of items you own. |
| Content | Manage feature layer webhooks | portal | Allow application to manage webhooks for feature layers. |
| Content | Bulk publish from data stores | portal | Allow application to bulk publish data from data stores. |
| Content | Publish big data analytics | portal | Allow application to publish big data analytics and process historical observation data using ArcGIS Velocity. |
| Content | Publish feeds | portal | Allow application to publish feeds. |
| Content | Publish knowledge graphs | portal | Allow application to publish knowledge graphs. |
| Sharing | Share with groups | portal | Allow application to share content to groups. |
| Sharing | Share with organization | portal | Allow application to share content to your organization. |
| Sharing | Share with public | portal | Allow application to share their content publicly if permitted by the organization's public sharing policy. |
| Sharing | Make groups visible to organization | portal | Allow application to make groups discoverable by your organization. |
| Sharing | Make groups visible to public | portal | Allow application to make groups discoverable by the public. |
| Features | Edit | features | Allow application to edit features in editable layers that are not public, based on the edit options enabled on the layer. |
| Features | Edit with full control | features | Allow application to add, delete, and update features in an editable, hosted feature layer, regardless of the editing options enabled on the layer. |
| Features | Manage feature layer versions | features | Allow application to manage feature layer version control settings. |
| Premium content | Create notebooks | premium | Allow application to create and edit interactive notebooks. |
| Premium content | Schedule notebooks | premium | Allow application to schedule future automated runs of a notebook. |
| Premium content | Create advanced notebooks | premium | Allow application to import and use ArcPy modules in ArcGIS Notebooks. |
| Premium content | Demographic maps | premium | Allow application to access demographic maps in ArcGIS Living Atlas. |
| Premium content | Feature report | premium | Allow application to create feature reports in ArcGIS Survey123. |
| Premium content | Run web tools | portal | Allow application to run web tools. |
Tutorials
Create an API key
Create and configure API key credentials to get a long-lived API key access token.