ArcGIS Enterprise provides multiple ways for organizations to manage how their members access and interact with its content. One such way is by assigning members specific privileges through custom roles that include administrative privileges, such as the ability to manage an organization's security configuration. These custom roles allow organizations to delegate administrative tasks without having to assign the default administrator role to multiple members.
In continuation of this restrictive access model, ArcGIS Enterprise 10.8 limits access to the Portal Administration API based on the administrative privileges assigned to organization members through their custom role. To learn more about the changes to the Portal Administration API, see Managing access to the Portal Administration API.
The security privilege model has carried over to the ArcGIS Server Administration REST API. Starting at 10.8.1, only members assigned specific administrative privileges will be able to access the REST API. Further access to other resources and operations is restricted based on the endpoints that are associated with, or required by, their role's privileges.
Note:
Members assigned the default administrator role will continue to have access to the full Server Administration API.
Privilege based access
Members will only be able to access certain endpoints in the Server Administration API based on the privileges assigned to their role. Resources and operations that are not accessible to members that will be inaccessible through the UI or return errors if they are accessed through URL paths.
The table below shows which administrative privileges are authorized to access the Server Admin REST API:
| Administrative Privilege Category | Privilege Name |
|---|---|
Content | Update | Delete |
Portal Settings | Security and Infrastructure | Servers |
The Update and Delete privileges allow members to update, categorize, and delete content. Users assigned the Servers privilege can manage their organizations servers, such as federating/unfederating servers and assigning server roles. Those assigned the Security and Infrastructure privilege have the ability to add trusted servers, changing the server's SSL settings, and overall manage the security of their organization.
To learn more about these privileges, and what access they provide within an organization, see User types, roles, and privileges.
Endpoint access
The following section outlines the requirements to access each endpoint in the Server Administration API.
Note:
Users assigned the default administrator role will have access to every endpoint in the Server Administration API. Endpoints that are accessible only to those assigned the default administrator rile will be specified below.
Server Admin root
| Endpoint Path | Privileges |
|---|---|
| /root | Update | Delete | Security and Infrastructure | Servers |
| <root-url>/createNewSite | Default administrator role only |
| <root-url>/exportSite | Default administrator role only |
| <root-url>/importSite | Default administrator role only |
| <root-url>/deleteSite | Default administrator role only |
| <root-url>/joinSite | Default administrator role only |
| <root-url>/upgrade | Default administrator role only |
| <root-url>/generateToken | Update | Delete | Security and Infrastructure | Servers |
| <root-url>/publicKey | Update | Delete | Security and Infrastructure | Servers |
Machines
| Endpoint Path | Privileges |
|---|---|
| <root-url>/machines | Update | Delete | Security and Infrastructure | Servers |
| <machines-url>/register | Security and Infrastructure |
| <machines-url>/rename | Security and Infrastructure |
| <machines-url>/<machine name> | Update | Delete | Security and Infrastructure | Servers |
| <machine-url>/edit | Security and Infrastructure |
| <machine-url>/start | Security and Infrastructure |
| <machine-url>/stop | Security and Infrastructure |
| <machine-url>/unregister | Security and Infrastructure |
| <machine-url>/synchronizeWithSite | Security and Infrastructure |
| <machine-url>/hardware | Update | Delete | Security and Infrastructure | Servers |
| <machine-url>/sslcertificates | Update | Delete | Security and Infrastructure | Servers |
| <sslcertificates-url>/generate | Security and Infrastructure |
| <sslcertificates-url>/importRootOrIntermediate | Security and Infrastructure |
| <sslcertificates-url>/importExistingServerCertificate | Security and Infrastructure |
| <sslcertificate-url>/<certificate> | Update | Delete | Security and Infrastructure | Servers |
| <certificate-url>/generateCSR | Security and Infrastructure |
| <certificate-url>/export | Security and Infrastructure |
| <certificate-url>/delete | Security and Infrastructure |
| <certificate-url>/importSignedCertificate | Security and Infrastructure |
Services
Note:
Both the System and Utilities folders, and most of their operations, are only accessible to users assigned the default administrator role. The edit service operations in both the System and Utilities folder is accessible only to users with the Security and Infrastructure and Servers privileges.
| Endpoint Path | Privileges |
|---|---|
| <root-url>/services | Update | Delete | Security and Infrastructure | Servers |
| <folder-url>/editFolder | Security and Infrastructure |
| <services-url>/createService | Update | Delete | Security and Infrastructure | Servers |
| <folder-url>/renameService | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/canCreateService | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/createFolder | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/exists | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/startServices | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/stopServices | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/deleteServices | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/exportServices | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/importServices | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/federate | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/unfederate | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/types | Update | Delete | Security and Infrastructure | Servers |
| <types-url>/extensions | Update | Delete | Security and Infrastructure | Servers |
| <extensions-url>/register | Update | Delete | Security and Infrastructure | Servers |
| <extensions-url>/update | Update | Delete | Security and Infrastructure | Servers |
| <extensions-url>/unregister | Update | Delete | Security and Infrastructure | Servers |
| <service-url>/permissions | Update | Delete | Security and Infrastructure | Servers |
| <permissions-url>/add | Update | Delete | Security and Infrastructure | Servers |
| <permissions-url>/hasChildPermissionsConflict | Update | Delete | Security and Infrastructure | Servers |
| <permissions-url>/clean | Update | Delete | Security and Infrastructure | Servers |
| <folder-url>/report | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/properties | Update | Delete | Security and Infrastructure | Servers |
| <properties-url>/update | Default administrator role only |
| <folder-url>/<serviceName.serviceType> | Update | Delete | Security and Infrastructure | Servers |
| <service-url>/start | Update | Delete | Security and Infrastructure | Servers |
| <service-url>/stop | Update | Delete | Security and Infrastructure | Servers |
| <service-url>/edit | Update | Delete | Security and Infrastructure | Servers |
| <service-url>/changeProvider | Update | Delete | Security and Infrastructure | Servers |
| <service-url>/deleteService | Update | Delete | Security and Infrastructure | Servers |
| <service-url>/statistics | Update | Delete | Security and Infrastructure | Servers |
| <service-url>/iteminfo | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/licecycleinfos | Update | Delete | Security and Infrastructure | Servers |
| <service-url>/jobs | Update | Delete | Security and Infrastructure | Servers |
| <jobs-url>/<jobID> | Update | Delete | Security and Infrastructure | Servers |
| <jobs-url>/query | Update | Delete | Security and Infrastructure | Servers |
| <jobs-url>/purgeQueue | Default administrator role only |
| <job-url>/statistics | Update | Delete | Security and Infrastructure | Servers |
| <job-url>/delete | Default administrator role only |
| <job-url>/cancel | Default administrator role only |
| <iteminfo-url>/edit | Update | Delete | Security and Infrastructure | Servers |
| <iteminfo-url>/upload | Update | Delete | Security and Infrastructure | Servers |
| <iteminfo-url>/delete | Update | Delete | Security and Infrastructure | Servers |
| <services-url>/<folder> | Update | Delete | Security and Infrastructure | Servers |
| <folder-url>/deleteFolder | Update | Delete | Security and Infrastructure | Servers |
Security
| Endpoint Path | Privileges |
|---|---|
| <root-url>/security | Update | Delete | Security and Infrastructure | Servers |
| <security-url>/users | Update | Delete | Security and Infrastructure | Servers |
| <users-url>/getUsers | Update | Delete | Security and Infrastructure | Servers |
| <users-url>/search | Update | Delete | Security and Infrastructure | Servers |
| <users-url>/add | Update | Delete | Security and Infrastructure | Servers |
| <users-url>/remove | Update | Delete | Security and Infrastructure | Servers |
| <users-url>/update | Update | Delete | Security and Infrastructure | Servers |
| <users-url>/assignRoles | Update | Delete | Security and Infrastructure | Servers |
| <users-url>/removeRoles | Update | Delete | Security and Infrastructure | Servers |
| <users-url>/getPrivilege | Update | Delete | Security and Infrastructure | Servers |
| <security-url>/roles | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/getRoles | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/search | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/add | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/remove | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/update | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/getRolesForUser | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/getUsersWithinRole | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/addUsersToRole | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/removeUsersFromRole | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/assignPrivilege | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/getPrivilege | Update | Delete | Security and Infrastructure | Servers |
| <roles-url>/getRolesByPrivilege | Update | Delete | Security and Infrastructure | Servers |
| <security-url>/tokens | Update | Delete | Security and Infrastructure | Servers |
| <tokens-url>/update | Security and Infrastructure |
| <security-url>/config | Update | Delete | Security and Infrastructure | Servers |
| <config-url>/update | Security and Infrastructure | Servers |
| <config-url>/updateIdentityStore | Security and Infrastructure | Servers |
| <config-url>/testIdentityStore | Security and Infrastructure | Servers |
| <config-url>/changeServerRole | Security and Infrastructure | Servers |
| <security-url>/psa | Update | Delete | Security and Infrastructure | Servers |
| <psa-url>/update | Default administrator role only |
| <psa-url>/enable | Default administrator role only |
| <psa-url>/disable | Default administrator role only |
System
| Endpoint Path | Privileges |
|---|---|
| <root-url>/system | Update | Delete | Security and Infrastructure | Servers |
| <system-url>/properties | Update | Delete | Security and Infrastructure | Servers |
| <properties-url>/update | Security and Infrastructure |
| <system-url>/directories | Update | Delete | Security and Infrastructure | Servers |
| <directories-url>/register | Default administrator role only |
| <directories-url>/registerDirs | Default administrator role only |
| <directories-url>/recover | Default administrator role only |
| <directories-url>/<directory> | Update | Delete | Security and Infrastructure | Servers |
| <directory-url>/unregister | Default administrator role only |
| <directory-url>/clean | Default administrator role only |
| <directory-url>/edit | Default administrator role only |
| <system-url>/configstore | Update | Delete | Security and Infrastructure | Servers |
| <configstore-url>/edit | Default administrator role only |
| <configstore-url>/recover | Default administrator role only |
| <system-url>/webadaptors | Update | Delete | Security and Infrastructure | Servers |
| <webadaptors-url>/config | Update | Delete | Security and Infrastructure | Servers |
| <config-url>/update | Security and Infrastructure |
| <webadaptors-url>/<webadaptor> | Update | Delete | Security and Infrastructure | Servers |
| <webadaptor-url>/unregister | Security and Infrastructure |
| <system-url>/handlers | Update | Delete | Security and Infrastructure | Servers |
| <handlers-url>/rest | Update | Delete | Security and Infrastructure | Servers |
| <rest-url>/cache | Security and Infrastructure |
| <cache-url>/clear | Security and Infrastructure |
| <rest-url>/servicesDirectory | Update | Delete | Security and Infrastructure | Servers |
| <servicesDirectory-url>/edit | Security and Infrastructure |
| <system-url>/jobs | Update | Delete | Security and Infrastructure | Servers |
| <jobs-url>/<jobID> | Update | Delete | Security and Infrastructure | Servers |
| <system-url>/licenses | Update | Delete | Security and Infrastructure | Servers |
| <system-url>/deployment | Update | Delete | Security and Infrastructure | Servers |
| <system-url>/platformServices | Update | Delete | Security and Infrastructure | Servers |
| <platformServices-url>/<computePlatform> | Update | Delete | Security and Infrastructure | Servers |
| <computePlatform-url>/start | Update | Delete | Security and Infrastructure | Servers |
| <computePlatform-url>/stop | Update | Delete | Security and Infrastructure | Servers |
| <computePlatform-url>/status | Update | Delete | Security and Infrastructure | Servers |
| <computePlatform-url>/health | Update | Delete | Security and Infrastructure | Servers |
| <platformServices-url>/<syncService> | Update | Delete | Security and Infrastructure | Servers |
| <syncService-url>/start | Update | Delete | Security and Infrastructure | Servers |
| <syncService-url>/stop | Update | Delete | Security and Infrastructure | Servers |
| <syncService-url>/health | Update | Delete | Security and Infrastructure | Servers |
| <syncService-url>/status | Update | Delete | Security and Infrastructure | Servers |
| <syncService-url>/reset | Update | Delete | Security and Infrastructure | Servers |
Data
| Endpoint Path | Privileges |
|---|---|
| <root-url>/data | Update | Delete | Security and Infrastructure | Servers |
| <data-url>/registerItem | Update | Delete | Security and Infrastructure | Servers |
| <data-url>/unregisterItem | Update | Delete | Security and Infrastructure | Servers |
| <data-url>/validateDataItem | Update | Delete | Security and Infrastructure | Servers |
| <data-url>/validateAllDataItems | Update | Delete | Security and Infrastructure | Servers |
| <data-url>/findItems | Update | Delete | Security and Infrastructure | Servers |
| <data-url>/federateDataItem | Update | Delete | Security and Infrastructure | Servers |
| <data-url>/items | Update | Delete | Security and Infrastructure | Servers |
| <items-url>/edit | Update | Delete | Security and Infrastructure | Servers |
| <datastoreMachine-url>/makePrimary | Update | Delete | Security and Infrastructure | Servers |
| <datastoreMachine-url>/validate | Update | Delete | Security and Infrastructure | Servers |
| <datastoreMachine-url>/remove | Update | Delete | Security and Infrastructure | Servers |
| <datastoreMachine-url>/start | Update | Delete | Security and Infrastructure | Servers |
| <datastoreMachine-url>/stop | Update | Delete | Security and Infrastructure | Servers |
| <data-url>/config | Update | Delete | Security and Infrastructure | Servers |
| <config-url>/update | Update | Delete | Security and Infrastructure | Servers |
| <data-url>/relationalDatastoreTypes | Update | Delete | Security and Infrastructure | Servers |
| <relationalDatastoreTypes-url>/register | Update | Delete | Security and Infrastructure | Servers |
| <relationalDatastoreTypes-url>/<relationalDatastoreTypeID> | Update | Delete | Security and Infrastructure | Servers |
| <relationalDatastoreType-url>/edit | Update | Delete | Security and Infrastructure | Servers |
| <relationalDatastoreType-url>/unregister | Update | Delete | Security and Infrastructure | Servers |
| <bigDataFileShare-url>/<data item>/manifest | Update | Delete | Security and Infrastructure | Servers |
| <manifest-url>/regenerate | Update | Delete | Security and Infrastructure | Servers |
| <manifest-url>/update | Update | Delete | Security and Infrastructure | Servers |
| <bigDataFileShare-url>/<data item>/hints | Update | Delete | Security and Infrastructure | Servers |
| <hints-url>/update | Update | Delete | Security and Infrastructure | Servers |
Uploads
| Endpoint Path | Privileges |
|---|---|
| <root-url>/uploads | Update | Delete | Security and Infrastructure | Servers |
| <uploads-url>/upload | Update | Delete | Security and Infrastructure | Servers |
| <uploads-url>/register | Update | Delete | Security and Infrastructure | Servers |
| <uploads-url>/item | Update | Delete | Security and Infrastructure | Servers |
| <item-url>/uploadPart | Update | Delete | Security and Infrastructure | Servers |
| <item-url>/commit | Update | Delete | Security and Infrastructure | Servers |
| <item-url>/delete | Update | Delete | Security and Infrastructure | Servers |
| <item-url>/parts | Update | Delete | Security and Infrastructure | Servers |
Logs
| Endpoint Path | Privileges |
|---|---|
| <root-url>/logs | Update | Delete | Security and Infrastructure | Servers |
| <logs-url>/query | Update | Delete | Security and Infrastructure | Servers |
| <logs-url>/clean | Security and Infrastructure |
| <logs-url>/countErrorReports | Update | Delete | Security and Infrastructure | Servers |
| <logs-url>/settings | Update | Delete | Security and Infrastructure | Servers |
| <settings-url>/edit | Security and Infrastructure |
KML
| Endpoint Path | Privileges |
|---|---|
| <root-url>/kml | Update | Delete | Security and Infrastructure | Servers |
| <kml-url>/createKmz | Update | Delete | Security and Infrastructure | Servers |
| <kml-url>/kmz | Update | Delete | Security and Infrastructure | Servers |
Info
| Endpoint Path | Privileges |
|---|---|
| <root-url>/info | Update | Delete | Security and Infrastructure | Servers |
| <root-url>/getAvailableTimeZones | Update | Delete | Security and Infrastructure | Servers |
Mode
| Endpoint Path | Privileges |
|---|---|
| <root-url>/mode | Update | Delete | Security and Infrastructure | Servers |
| <mode-url>/update | Default administrator role only |
Usage Report
| Endpoint Path | Privileges |
|---|---|
| <root-url>/usageReports | Update | Delete | Security and Infrastructure | Servers |
| <usageReports-url>/add | Default administrator role only |
| <usageReports-url>/settings | Update | Delete | Security and Infrastructure | Servers |
| <settings-url>/edit | Default administrator role only |
| <usageReports-url>/<usage report> | Update | Delete | Security and Infrastructure | Servers |
| <usageReport-url>/edit | Default administrator role only |
| <usageReport-url>/data | Update | Delete | Security and Infrastructure | Servers |
| <usageReport-url>/delete | Default administrator role only |