ArcGIS Enterprise provides multiple ways for organizations to manage how their members access and interact with the portal and its content. One way to manage member access is by creating custom roles, which provides fine-grained control over the privilegs that are granted to organization members. Privileges determine which tasks and workflows a member can perform within an organization. For example, a user assigned a custom role with the administrative privlege to manage the portal's website can modify the organization's default langauge settings, or the information included in the site banner and footer, whereas a user assigned a custom role with the administrative privilege to manange the organization's security can set the security policies and manage SSL certificates.
Access to the Portal Administrator API is also dependent on the privilegse a member is assigned. Access to the API is restrictied to a select number of privileges. When one of these privileges are included in a role assigned to an organization member, that member can access the API endpoints associated with, or required by, their role's privileges. All other endpoints are inaccessible.
The table below shows which administrative privileges are authorized to access the Portal Administrator API:
| Administrative privilege category | Privilege name |
|---|---|
Members |
|
Groups |
|
Portal Settings |
|
Privilege access
The following sections provide a high-level summary of each privilege that provides access to the API directory. The summaries for each privilege list both the front-end and back-end workflows that administrators have access to.
Add
Administrators assigned the Add privilege can add member accounts to the organization. For the Portal Administrator API, administrators assigned this privilege can access any endpoints relating to user management, such as Create User and Update Enterprise User. These administrators can also access log-related endpoints, such as Query Logs and Log Settings, as well view resources that return a high-level overview of the portal's information and configuration, such as Info and Mode.
Manage Licenses
Administrators assigned the Manage Licenses privilege can manage the licenses for organization members. For the Portal Administrator API, administrators assigned this privilege can access any endpoints related to licensing workflows, such Import License and Populate License. These administrators can also access log-related endpoints, such as Query Logs and Log Settings, as well view resources that return a high-level overview of the portal's information and configuration, such as Info and Mode.
Link to Organization-specific Group
Administrators assigned the Link to Organization-specific Groups privilege can link group membership to organization-specific groups. For the Portal Administrator API, administrators assigned this privilege can access to all operations and resources relating to group management, such as Refresh Group Membership and Get Enterprise Groups for User. Administrators assigned this privilege also have access to all endpoints related to federation workflows. These administrators can also access log-related endpoints, such as Query Logs and Log Settings, as well view resources that return a high-level overview of the portal's information and configuration, such as Info and Mode.
Security and Infrastructure
Administrators assigned the Security and Infrastructure privilege can configure the portal's security settings, such as enabling comments on organization items, managing the user types and add-on licenses assigned by default to new members, and configuring security policies. For the Portal Administrator API, administrators assigned this privilege can access the most API endpoints. This privilege provides full access to endpoints related to system and security workflows, as well almost full access to machine-related endpoints. These administrators can also view and clean logs, as well as update log settings. As with the other supported privileges, those assigned the Security and Infrastructure privilege are also able to view resources that return a high-level overview of the portal's information and configuration, such as Info and Mode.
Organization Website
Administrators assigned the Organization Website privlege can configure an organization's website settings, such as the organization's profile, it's help source, as well as configure Living Atlas and view system reports. For the Portal Administrator API, administrators assigned this privilege are can access endpoints related to system property, language, and content workflows, such as Update System Properties and Languages. These administrators can also access log-related endpoints, such as Query Logs and Log Settings, as well view resources that return a high-level overview of the portal's information and configuration, such as Info and Mode.
Collaborations
Administrators assigned the Collaborations privilege can configure and manage the organization's distributed collaborations, as well as view portal logs. For the Portal Administrator API, administrators assigned this privilege can access log-related endpoints, such as Query Logs and Log Settings, as well view resources that return a high-level overview of the portal's information and configuration, such as Info and Mode.
Member Roles
Administrators assigned the Member Roles privilege can configure the organization's member roles, change a member's assigned role, and view portal logs. For the Portal Administrator API, administrators assigned this privilege can access log-related endpoints, such as Query Logs and Log Settings, as well view resources that return a high-level overview of the portal's information and configuration, such as Info and Mode.
Servers
Administrators assigned the Servers privilege can configure the federated server sites for the organization, view and clean portal logs, and update portal log settings. For the Portal Administrator API, administrators assigned this privilege have access to endpoints that are part of the federation workflow, such as Validate Server and Federate Servers. These administrators can also access log-related endpoints, such as Query Logs and Log Settings, as well view resources that return a high-level overview of the portal's information and configuration, such as Info and Mode.
Utility Services
Administrators assigned the Utility Services privilege can configure the organization's utility services, enable location sharing, and view portal logs. For the Portal Administrator API, administrators assigned this privilege can access log-related endpoints, such as Query Logs and Log Settings, as well view resources that return a high-level overview of the portal's information and configuration, such as Info and Mode.