ArcGIS Enterprise provides multiple methods for organizations to manage how their members access and interact with its content. One method is to assign members specific privileges through custom roles that include administrative privileges, such as the ability to manage an organization's security configuration. These custom roles allow organizations to delegate administrative tasks without assigning the default administrator role to multiple members.
The security privilege model has carried over to the ArcGIS Server Administration REST API. Starting at 10.8.1, only members assigned specific administrative privileges are able to access the REST API. Further access to other resources and operations is restricted based on the endpoints that are associated with, or required by, their role's privileges.
Note:
Members assigned the default administrator role continue to have access to the full Server Administration API.
Privilege-based access
Members are only able to access certain endpoints in the ArcGIS Server Administration API based on the privileges assigned to their role. Resources and operations that are unavailable to members that are inaccessible through the UI or return errors if they are accessed through URL paths.
The following table shows which administrative privileges are authorized to access the ArcGIS Server Admin REST API:
| Administrative privilege category | Privileges |
|---|---|
Content | Update | Delete |
Portal Settings | Security and Infrastructure | Servers |
The Update and Delete privileges allow members to update, categorize, and delete content. Users assigned the Servers privilege can manage their organization's servers, such as federating and unfederating servers and assigning server roles. Those assigned the Security and Infrastructure privilege have the ability to add trusted servers, changing the server's SSL settings, and manage the security of their organization.
To learn more about these privileges, and what access they provide in an organization, see User types, roles, and privileges.
Endpoint access
The following section outlines the requirements to access each endpoint in the ArcGIS Server Administration API.
Note:
Users assigned the default administrator role will have access to every endpoint in the Server Administration API. Endpoints that are accessible only to those assigned the default administrator role are specified below.
Server admin root
| Endpoint path | Privileges |
|---|---|
| Root | Update | Delete | Security and Infrastructure | Servers |
| Create New Site | Default administrator role only |
| Export Site | Default administrator role only |
| Import Site | Default administrator role only |
| Delete Site | Default administrator role only |
| Join Site | Default administrator role only |
| Upgrade | Default administrator role only |
| Generate Token | Update | Delete | Security and Infrastructure | Servers |
| Public Key | Update | Delete | Security and Infrastructure | Servers |
Machines
| Endpoint path | Privileges |
|---|---|
| Machines | Update | Delete | Security and Infrastructure | Servers |
| Register Machine | Security and Infrastructure |
| Rename Machine | Security and Infrastructure |
| Machine | Update | Delete | Security and Infrastructure | Servers |
| Edit Machine | Security and Infrastructure |
| Start Machine | Security and Infrastructure |
| Stop Machine | Security and Infrastructure |
| Unregister Machine | Security and Infrastructure |
| Synchronize With Site | Security and Infrastructure |
| Hardware Configuration | Update | Delete | Security and Infrastructure | Servers |
| SSL Certificates | Update | Delete | Security and Infrastructure | Servers |
| Generate Certificate | Security and Infrastructure |
| Import Root Certificate | Security and Infrastructure |
| Import Existing Server Certificate | Security and Infrastructure |
| SSL Certificate | Update | Delete | Security and Infrastructure | Servers |
| Generate CSR | Security and Infrastructure |
| Export Certificate | Security and Infrastructure |
| Delete Certificate | Security and Infrastructure |
| Import CA Signed Certificate | Security and Infrastructure |
Services
Note:
Both the System and Utilities folders, and most of their operations, are only accessible to users assigned the default administrator role. The edit service operations in both the System and Utilities folders are accessible only to users with the Security and Infrastructure and Servers privileges.
| Endpoint path | Privileges |
|---|---|
| Services | Update | Delete | Security and Infrastructure | Servers |
| Edit Folder | Security and Infrastructure |
| Create Service | Update | Delete | Security and Infrastructure | Servers |
| Rename Service | Update | Delete | Security and Infrastructure | Servers |
| Can Create Service | Update | Delete | Security and Infrastructure | Servers |
| Create Folder | Update | Delete | Security and Infrastructure | Servers |
| Exists | Update | Delete | Security and Infrastructure | Servers |
| Start Services | Update | Delete | Security and Infrastructure | Servers |
| Stop Services | Update | Delete | Security and Infrastructure | Servers |
| Delete Services | Update | Delete | Security and Infrastructure | Servers |
| Export Services | Update | Delete | Security and Infrastructure | Servers |
| Import Services | Update | Delete | Security and Infrastructure | Servers |
| Federate | Update | Delete | Security and Infrastructure | Servers |
| Unfederate | Update | Delete | Security and Infrastructure | Servers |
| Types | Update | Delete | Security and Infrastructure | Servers |
| Extensions | Update | Delete | Security and Infrastructure | Servers |
| Register Extension | Update | Delete | Security and Infrastructure | Servers |
| Update Extension | Update | Delete | Security and Infrastructure | Servers |
| Unregister Extension | Update | Delete | Security and Infrastructure | Servers |
| Permissions | Update | Delete | Security and Infrastructure | Servers |
| Add Permission | Update | Delete | Security and Infrastructure | Servers |
| Has Child Permissions Conflict | Update | Delete | Security and Infrastructure | Servers |
| Clean Permissions | Update | Delete | Security and Infrastructure | Servers |
| Service Report | Update | Delete | Security and Infrastructure | Servers |
| Default Service Properties | Update | Delete | Security and Infrastructure | Servers |
| Update Default Service Properties | Default administrator role only |
| Service | Update | Delete | Security and Infrastructure | Servers |
| Start Service | Update | Delete | Security and Infrastructure | Servers |
| Stop Service | Update | Delete | Security and Infrastructure | Servers |
| Edit Service | Update | Delete | Security and Infrastructure | Servers |
| Change Provider | Update | Delete | Security and Infrastructure | Servers |
| Delete Service | Update | Delete | Security and Infrastructure | Servers |
| Job Statistics | Update | Delete | Security and Infrastructure | Servers |
| Item Information | Update | Delete | Security and Infrastructure | Servers |
| Lifecycle Information | Update | Delete | Security and Infrastructure | Servers |
| Jobs | Update | Delete | Security and Infrastructure | Servers |
| Job | Update | Delete | Security and Infrastructure | Servers |
| Query Jobs | Update | Delete | Security and Infrastructure | Servers |
| Purge Job Queue | Default administrator role only |
| Job Statistics | Update | Delete | Security and Infrastructure | Servers |
| Delete Job | Default administrator role only |
| Cancel Job | Default administrator role only |
| Edit Item Information | Update | Delete | Security and Infrastructure | Servers |
| Upload Item Information File | Update | Delete | Security and Infrastructure | Servers |
| Delete Item Information | Update | Delete | Security and Infrastructure | Servers |
| Folder | Update | Delete | Security and Infrastructure | Servers |
| Delete Folder | Update | Delete | Security and Infrastructure | Servers |
Security
| Endpoint path | Privileges |
|---|---|
| Security | Update | Delete | Security and Infrastructure | Servers |
| Users | Update | Delete | Security and Infrastructure | Servers |
| Get Users | Update | Delete | Security and Infrastructure | Servers |
| Search Users | Update | Delete | Security and Infrastructure | Servers |
| Add User | Update | Delete | Security and Infrastructure | Servers |
| Remove User | Update | Delete | Security and Infrastructure | Servers |
| Update User | Update | Delete | Security and Infrastructure | Servers |
| Assign Roles | Update | Delete | Security and Infrastructure | Servers |
| Remove Roles | Update | Delete | Security and Infrastructure | Servers |
| Get Privilege For User | Update | Delete | Security and Infrastructure | Servers |
| Roles | Update | Delete | Security and Infrastructure | Servers |
| Get Roles | Update | Delete | Security and Infrastructure | Servers |
| Search Roles | Update | Delete | Security and Infrastructure | Servers |
| Add Role | Update | Delete | Security and Infrastructure | Servers |
| Remove Role | Update | Delete | Security and Infrastructure | Servers |
| Update Role | Update | Delete | Security and Infrastructure | Servers |
| Get Roles For User | Update | Delete | Security and Infrastructure | Servers |
| Get Users Within Role | Update | Delete | Security and Infrastructure | Servers |
| Add Users To Role | Update | Delete | Security and Infrastructure | Servers |
| Remove Users From Role | Update | Delete | Security and Infrastructure | Servers |
| Assign Privilege | Update | Delete | Security and Infrastructure | Servers |
| Get Privilege For Role | Update | Delete | Security and Infrastructure | Servers |
| Get Roles By Privilege | Update | Delete | Security and Infrastructure | Servers |
| Tokens | Update | Delete | Security and Infrastructure | Servers |
| Update Token Configuration | Security and Infrastructure |
| Security Configuration | Update | Delete | Security and Infrastructure | Servers |
| Update Security Configuration | Security and Infrastructure | Servers |
| Update Identity Store | Security and Infrastructure | Servers |
| Test Identity Store | Security and Infrastructure | Servers |
| Change Server Role | Security and Infrastructure | Servers |
| Primary Site Administrator | Update | Delete | Security and Infrastructure | Servers |
| Update Primary Site Administrator | Default administrator role only |
| Enable Primary Site Administrator | Default administrator role only |
| Disable Primary Site Administrator | Default administrator role only |
System
| Endpoint path | Privileges |
|---|---|
| System | Update | Delete | Security and Infrastructure | Servers |
| Server Properties | Update | Delete | Security and Infrastructure | Servers |
| Update Server Properties | Security and Infrastructure |
| Server Directories | Update | Delete | Security and Infrastructure | Servers |
| Register Directory | Default administrator role only |
| Register Directories | Default administrator role only |
| Recover Server Directories | Default administrator role only |
| Server Directory | Update | Delete | Security and Infrastructure | Servers |
| Unregister Directory | Default administrator role only |
| Clean Directory | Default administrator role only |
| Edit Directory | Default administrator role only |
| Configuration Store | Update | Delete | Security and Infrastructure | Servers |
| Edit Configuration Store | Default administrator role only |
| Recover Configuration Store | Default administrator role only |
| Web Adaptors | Update | Delete | Security and Infrastructure | Servers |
| Web Adaptor Configuration | Update | Delete | Security and Infrastructure | Servers |
| Update Web Adaptors Configuration | Security and Infrastructure |
| Web Adaptor | Update | Delete | Security and Infrastructure | Servers |
| Unregister Web Adaptor | Security and Infrastructure |
| Handlers | Update | Delete | Security and Infrastructure | Servers |
| Rest Handler | Update | Delete | Security and Infrastructure | Servers |
| Rest Cache | Security and Infrastructure |
| Clear Rest Cache | Security and Infrastructure |
| Services Directory | Update | Delete | Security and Infrastructure | Servers |
| Edit Directory | Security and Infrastructure |
| SOAP | Security and Infrastructure |
| SOAP Handler Config | Security and Infrastructure |
| Edit SOAP Handler Config | Security and Infrastructure |
| Jobs | Update | Delete | Security and Infrastructure | Servers |
| Job | Update | Delete | Security and Infrastructure | Servers |
| Licenses | Update | Delete | Security and Infrastructure | Servers |
| Deployment | Update | Delete | Security and Infrastructure | Servers |
| Platform Services | Update | Delete | Security and Infrastructure | Servers |
| Compute Platform | Update | Delete | Security and Infrastructure | Servers |
| Start Compute Platform | Update | Delete | Security and Infrastructure | Servers |
| Stop Compute Platform | Update | Delete | Security and Infrastructure | Servers |
| Compute Platform Status | Update | Delete | Security and Infrastructure | Servers |
| Compute Platform Health Check | Update | Delete | Security and Infrastructure | Servers |
| Synchronization Service | Update | Delete | Security and Infrastructure | Servers |
| Start Synchronization Service | Update | Delete | Security and Infrastructure | Servers |
| Stop Synchronization Service | Update | Delete | Security and Infrastructure | Servers |
| Synchronization Service Health Check | Update | Delete | Security and Infrastructure | Servers |
| Synchronization Service Status | Update | Delete | Security and Infrastructure | Servers |
| Synchronization Service Reset | Update | Delete | Security and Infrastructure | Servers |
Data
| Endpoint path | Privileges |
|---|---|
| Data | Update | Delete | Security and Infrastructure | Servers |
| Register Data Item | Update | Delete | Security and Infrastructure | Servers |
| Unregister Data Item | Update | Delete | Security and Infrastructure | Servers |
| Validate Data Item | Update | Delete | Security and Infrastructure | Servers |
| Validate All Data Items | Update | Delete | Security and Infrastructure | Servers |
| Find Data Items | Update | Delete | Security and Infrastructure | Servers |
| Federate Data Item | Update | Delete | Security and Infrastructure | Servers |
| Root Data Item | Update | Delete | Security and Infrastructure | Servers |
| Edit Data Item | Update | Delete | Security and Infrastructure | Servers |
| Make Data Store Machine Primary | Update | Delete | Security and Infrastructure | Servers |
| Validate Data Store | Update | Delete | Security and Infrastructure | Servers |
| Remove Data Store Machine | Update | Delete | Security and Infrastructure | Servers |
| Start Data Store Machine | Update | Delete | Security and Infrastructure | Servers |
| Stop Data Store Machine | Update | Delete | Security and Infrastructure | Servers |
| Datastore Configuration | Update | Delete | Security and Infrastructure | Servers |
| Update Datastore Configuration | Update | Delete | Security and Infrastructure | Servers |
| Relational Data Store Types | Update | Delete | Security and Infrastructure | Servers |
| Register Relational Data Store Type | Update | Delete | Security and Infrastructure | Servers |
| Relational Data Store Type | Update | Delete | Security and Infrastructure | Servers |
| Edit Relational Data Store Type | Update | Delete | Security and Infrastructure | Servers |
| Unregister Relational Data Store Type | Update | Delete | Security and Infrastructure | Servers |
| Big Data File Share Manifest | Update | Delete | Security and Infrastructure | Servers |
| Big Data File Share Manifest Regeneration | Update | Delete | Security and Infrastructure | Servers |
| Big Data File Share Manifest Update | Update | Delete | Security and Infrastructure | Servers |
| Big Data File Share Hints | Update | Delete | Security and Infrastructure | Servers |
| Big Data File Share Hints Update | Update | Delete | Security and Infrastructure | Servers |
Uploads
| Endpoint path | Privileges |
|---|---|
| Uploads | Update | Delete | Security and Infrastructure | Servers |
| Upload Item | Update | Delete | Security and Infrastructure | Servers |
| Register Item | Update | Delete | Security and Infrastructure | Servers |
| Item | Update | Delete | Security and Infrastructure | Servers |
| Upload Part | Update | Delete | Security and Infrastructure | Servers |
| Commit Item | Update | Delete | Security and Infrastructure | Servers |
| Delete Item | Update | Delete | Security and Infrastructure | Servers |
| Item Parts | Update | Delete | Security and Infrastructure | Servers |
Logs
| Endpoint path | Privileges |
|---|---|
| Logs | Update | Delete | Security and Infrastructure | Servers |
| Query Logs | Update | Delete | Security and Infrastructure | Servers |
| Clean Logs | Security and Infrastructure |
| Count Error Reports | Update | Delete | Security and Infrastructure | Servers |
| Log Settings | Update | Delete | Security and Infrastructure | Servers |
| Edit Log Settings | Security and Infrastructure |
KML
| Endpoint path | Privileges |
|---|---|
| Kml | Update | Delete | Security and Infrastructure | Servers |
| Create Kmz | Update | Delete | Security and Infrastructure | Servers |
| Kmz File | Update | Delete | Security and Infrastructure | Servers |
Info
| Endpoint path | Privileges |
|---|---|
| Info | Update | Delete | Security and Infrastructure | Servers |
Mode
| Endpoint path | Privileges |
|---|---|
| Mode | Update | Delete | Security and Infrastructure | Servers |
| Update Site Mode | Default administrator role only |
Usage report
| Endpoint path | Privileges |
|---|---|
| Usage Reports | Update | Delete | Security and Infrastructure | Servers |
| Create Usage Report | Default administrator role only |
| Usage Reports Settings | Update | Delete | Security and Infrastructure | Servers |
| Edit Usage Reports Settings | Default administrator role only |
| Usage Report | Update | Delete | Security and Infrastructure | Servers |
| Edit Usage Report | Default administrator role only |
| Query Report Data | Update | Delete | Security and Infrastructure | Servers |
| Delete Usage Report | Default administrator role only |