Skip To Content
ArcGIS Developers
Dashboard

Managing access to the Portal Administration REST API

ArcGIS Enterprise provides multiple ways for organizations to manage how their members access and interact with the portal and its content. One way organizations can manage their members' access is by assigning them specific privileges through default or custom roles. Privileges allow members to perform different tasks and workflows for an organization, such as allowing specific users to create and publish content while others can only view content.

At 10.7.1, organizations were able to create custom roles that included administrative privileges, such as the ability to manage the portal's look and feel or it's security configuration. Through these custom roles, organizations were able to delegate administrative tasks without having to assign the default administrator role to multiple members.

At 10.8, access to the Portal Administration API is based on these same privileges. Members can only access the resources and operations associated with, or required by, their role's privileges. This restrictive access model allows organizations to continue to delegate administrative tasks without providing full administrative access.

Privilege-based access

Members will only be able to access certain endpoints in the Portal Administration API based on the privileges assigned to their role. Resources and operations that are not accessible to members based on their assigned privileges will either be inaccessible through the UI or will return an error message when users with unauthorized privileges attempt to access them. The table below shows which administrative privileges are authorized to access the Portal Administration REST API:

Administrative privilege categoryPrivilege name

Members

Add | Manage Licenses

Groups

Link to Enterprise Groups

Portal Settings

Security and infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

Note:

Members who are assigned one of the privileges listed above will have access to the Logs and Mode resources, though access to their associated child operations and resources will vary depending on the specific privilege assigned to the user.

Endpoint access

This following section outlines the requirements to access each endpoint in the Portal Administration API.

Note:

Users assigned the default administrator role will have access to every endpoint in the Portal Administration API. Endpoints that are accessible only to those assigned the default administrator rile will be specified below.

Portal administration root

EndpointRequirement
/root

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

<root-url>/createNewSite

Default administrator role only

<root-url>/upgrade

Default administrator role only

<root-url>/exportSite

Default administrator role only

<root-url>/importSite

Default administrator role only

<root-url>/joinSite

Default administrator role only

System

EndpointRequirement
<root-url>/system

Security and Infrastructure | Organization Website

<system-url>/webadaptors

Security and Infrastructure

<webadaptors-url>/<web adaptor>

Security and Infrastructure

<webadaptor-url>/unregister

Security and Infrastructure

<webadaptors-url>/config

Security and Infrastructure

<config-url>/update

Security and Infrastructure

<system-url>/directories

Security and Infrastructure

<directories-url>/<directory>

Security and Infrastructure

<directory-url>/edit

Security and Infrastructure

<system-url>/database

Security and Infrastructure

<database-url>/updateAdminAccount

Security and Infrastructure

<database-url>/settings

Security and Infrastructure

<settings-url>/edit

Security and Infrastructure

<system-url>/indexer

Security and Infrastructure

<indexer-url>/status

Security and Infrastructure

<index-url>/reindex

Security and Infrastructure

<system-url>/properties

Security and Infrastructure | Organization Website

<properties-url>/update

Security and Infrastructure | Organization Website

<system-url>/languages

Security and Infrastructure | Organization Website

<languages-url>/update

Security and Infrastructure | Organization Website

<system-url>/content

Security and Infrastructure | Organization Website

<content-url>/configuration

Security and Infrastructure | Organization Website

/system/content/configuration/update

Security and Infrastructure | Organization Website

<system-url>/emailSettings

Security and Infrastructure

<emailSettings-url>/update

Security and Infrastructure

<emailSettings-url>/test

Security and Infrastructure

<emailSettings-url>/delete

Security and Infrastructure

Security

EndpointRequirement
<root-url>/security

Security and Infrastructure | Link to Enterprise Groups

<security-url>/users

Security and Infrastructure

<users-url>/createUser

Security and Infrastructure | Add

Note:

While the Create User operation is accessible to members assigned the Add privilege, they will not be able to navigate to it through the UI. Instead, they must enter the operation URL to access it. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/security/users/createUser

<users-url>/getEnterpriseUser

Security and Infrastructure | Add

Note:

While the Get Enterprise User operation is accessible to members assigned the Add privilege, they will not be able to navigate to it through the UI. Instead, they must enter the operation URL to access it. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/security/users/getEnterpriseUser

<users-url>/updateEnterpriseUser

Security and Infrastructure | Add

Note:

While the Update Enterprise User operation is accessible to members assigned the Add privilege, they will not be able to navigate to it through the UI. Instead, they must enter the operation URL to access it. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/security/users/updateEnterpriseUser

<users-url>/searchEnterpriseUsers

Security and Infrastructure | Add

Note:

While the Search Enterprise Users operation is accessible to members assigned the Add privilege, they will not be able to navigate to it through the UI. Instead, they must enter the operation URL to access it. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/security/users/searchEnterpriseUsers

<users-url>/refreshMembership

Security and Infrastructure

<security-url>/groups

Security and Infrastructure | Link to Enterprise Groups

<groups-url>/searchEnterpriseGroups

Security and Infrastructure | Link to Enterprise Groups

<groups-url>/refreshMembership

Security and Infrastructure | Link to Enterprise Groups

<groups-url>/getUsersWithinEnterpriseGroups

Security and Infrastructure | Link to Enterprise Groups

<groups-url>/getEnterpriseGroupsForUser

Security and Infrastructure | Link to Enterprise Groups

<security-url>/tokens

Security and Infrastructure

<tokens-url>/update

Security and Infrastructure

<security-url>/OAuth

Security and Infrastructure

<OAuth-url>/changeAppId

Security and Infrastructure

<OAuth-url>/getAppInfo

Security and Infrastructure

<OAuth-url>/updateAppInfo

Security and Infrastructure

<security-url>/config

Security and Infrastructure | Add

Note:

While the Security Config resource is accessible to members assigned the Add privilege, they will not be able to navigate to it through the UI. Instead, they must enter the resource URL to access it. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/security/config

<config-url>/update

Security and Infrastructure

<config-url>/updateIdentityStore

Security and Infrastructure

<config-url>/testIdentityStore

Security and Infrastructure

<security-url>/sslCertificates

Security and Infrastructure

<sslCertificates-url>/<certificate>

Security and Infrastructure

<sslCertificate-url>/generateCsr

Security and Infrastructure

<sslCertificate-url>/export

Security and Infrastructure

<sslCertificate-url>/delete

Security and Infrastructure

<sslCertificates-urk>/importSignedCertificate

Security and Infrastructure

<sslCertificates-url>/update

Security and Infrastructure

<sslCertificates-url>/generate

Security and Infrastructure

<sslCertificates-url>/importRootOrIntermediate

Security and Infrastructure

<sslCertificates-url>/importExistingServerCertificate

Security and Infrastructure

Federation

Machines

EndpointRequirement
<root-url>/machines

Default administrator role only

<machines-url>/status

Default administrator role only

<machines-url>/unregister

Default administrator role only

<machines-url>/<machine>

Security and Infrastructure

Note:

While the Machine resource is accessible for members assigned the Security and Infrastructure, they will not be able to navigate to it through the UI. Instead, they must enter the specific machine URL to access its child resources and operations. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/machines/MACHINE.DOMAIN.COM

<machine-url>/status

Security and Infrastructure

<machine-url>/sslCertificates

Security and Infrastructure

<sslCertificates-url>/update

Security and Infrastructure

<sslCertificates-url>/generate

Security and Infrastructure

<sslCertificates-url>/importRootOrIntermediate

Security and Infrastructure

<certificates-url>/importExistingServerCertificate

Security and Infrastructure

<sslCertificates-url>/<certificate>

Security and Infrastructure

<certificate-url>/generateCsr

Security and Infrastructure

<certificate-url>/export

Security and Infrastructure

<certificate-url>/delete

Security and Infrastructure

<certificate-url>/importSignedCertificate

Security and Infrastructure

Logs

EndpointRequirement
<root-url>/logs

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

<logs-url>/query

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

<logs-url>/clean

Security and Infrastructure | Servers

<logs-url>/settings

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

<settings-url>/edit

Security and Infrastructure | Servers

License

EndpointRequirement
<root-url>/license

Manage Licenses | Add privilege

<license-url>/getFutureLicense

Manage Licenses

<license-url>/validateLicense

Manage Licenses

<license-url>/importLicense

Manage Licenses

<license-url>/release license

Manage Licenses

<license-url>populateLicense

Manage Licenses

<license-url>/updateLicenseManager

Manage Licenses

Mode

EndpointRequirement
<root-url>/mode

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

<mode-url>/update

Default administrator role only