Manage access

ArcGIS Enterprise on Kubernetes provides multiple ways for organizations to manage how their members access and interact with its content. One way is by assigning members specific privileges through custom roles that include administrative privileges, such as the ability to manage an organization's security configuration. These custom roles allow organizations to delegate administrative tasks without having to assign the default administrator role to multiple members.

Only members assigned specific administrative and Publisher role privileges will be able to access the ArcGIS Enterprise Administrator API itself. Further access to resources and operations is restricted based on the endpoints that are associated with, or required by, their role's privileges.

Privilege-based access

Members are only able to access some endpoints in the ArcGIS Enterprise Admin API based on the privileges assigned to their role. Resources and operations that are not accessible to members are inaccessible through the UI or return errors if they are accessed through URL paths.

The following table shows which administrative privileges are authorized to access the ArcGIS Enterprise Admin API that can be assigned to users:

In addition to the administrative privileges listed above, users assigned the Publisher default role will also be able to access the ArcGIS Enterprise Admin API.

Endpoint access

The following sections outline the access provided to each administrative privilege, as well as which endpoints are available to users assigned the Publisher role. Users assigned the default administrator role have access to every endpoint in the ArcGIS Enterprise Admin API. Endpoints that are only accessible to those assigned the default administrator role are specified below.

Enterprise admin root

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Root
Configure

Organizations

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Organizations
Organization
Security
Users
Create User
Get Enterprise User
Search Enterprise User
Refresh Membership
Groups
Get Users Within Enterprise Groups
Get Enterprise Groups for User
Search Enterprise Groups
Refresh Membership
Licenses
Validate License
Import License
Update License Manager
Export Geodatabase License
Release License
Federation
Servers
Federate Server
Validate Servers
Server
Validate Server
Update Server
Unfederate Server
Properties
Update Properties

Services

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website	Feature layer	Geoprocessing	Organization webhooks
Services
Create Service
Create Folder
Can Create Service
Delete Services
Service Exists
Find Services
Refresh Auto-Deployed Services
Folder
System
Utilities
Service
Start Service
Stop Service
Edit Service
Change Provider
Delete Service
Status
Item Info
Edit Item Info
Upload Item Info
Delete Item Info
Scaling
Edit Scaling
Placement Policy
Edit Placement
Webhooks
Webhooks
Create
Delete All
Activate All
Deactivate All
Webhook
Edit Webhook
Delete Webhook
Notification Status
Jobs
Query Jobs
Job
Types
Type
Extensions
Providers
Webhooks
Webhook Settings
Properties
Update Properties

Security

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Security
Security Configuration
Update Security Configuration
Test Identity Store
Update Identity Store
Ingress Security Configuration
Update Ingress Security Configuration
SAML Security Configuration
Update SAML Security Configuration
Certificates
Identity Certificates
Import Identity Certificate
Identity Certificate
Delete Identity Certificate
Trust Certificates
Import Trust Certificate
Trust Certificate
Delete Trust Certificate

Uploads

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Uploads
Upload
Register
Configure
Uploaded Item
Commit
Upload Part
Download
Delete

Data stores

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Data Stores
Register Item
Unregister Item
Validate Data Item
Find Items
Datastore Configuration
Datastore
Status
Reset Standby
Switch Role
Configuration
Edit Configuration
Volumes
Edit
Status

System

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
System
Deployments
Deployment Default Properties
Property Template
Edit Property Template
Deployment
Edit Deployment
Refresh Deployment
Deployment Status
Volumes
Create Volumes
Volume Configurations
Create Volume Configurations
Container Registries
Container Registry
Edit Container Registry
Upgrades
Check Available Updates
Upgrade
Check Installed Updates
Check Rollback Options
Rollback
Import Version Manifest
Get Upgrade Settings
Current Version
History
Exports
Export
Configurations
Update Configurations
Disaster Recovery
Get Status
Stores
Register Backup Store
Backup Store
Unregister Backup Store
Update Backup Store
Validate Backup Store
Backups
Create Backup
Backup
Delete Backup
Restore Backup
Update Backup
Disaster Recovery Settings
Update Disaster Recovery Settings
Indexer
Index Status
Reindex
Properties
Update Properties
Web Adaptors
Web Adaptor Configuration
Update Web Adaptor Configuration
Web Adaptor
Unregister Web Adaptor
Content
Languages
Add Languages
Remove Languages
External Content
Updated External Content
Tasks
Create Task
Task
Edit Task
Delete Task
Enable Task
Disable Task
Runs
Run
Edit Run
Delete Run
Architecture Profiles
Development
Standard Availability
Enhanced Availability
Enterprise Functions
Add Enterprise Functions
Remove Enterprise Functions

Logs

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Logs
Clean
Export
Query
Search
Settings
Edit Settings
Update Log Index

Overview

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Overview
Overview Config
Update Overview Config

Mode

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Mode
Update Mode

Usage statistics

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Usage Statistics
Update Credentials

Jobs

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Jobs
Job

Health Check

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Health Check
Run Health Check
Suites
Suite
Reports
Query Reports
Delete Reports
Export Reports
Report
Rename

Cloud

	Default administrator role only	Publisher role	Manage Licenses	Links to organization-specific group	Update	Delete	Security and Infrastructure	Servers	Organization website
Cloud
Providers
Provider
Update Provider Credentials
Services
Service
Add Service Credentials