Manage access

ArcGIS Enterprise provides multiple methods for organizations to manage how their members access and interact with its content. One method is to assign members specific privileges through custom roles that include administrative privileges, such as managing an organization's security configuration. These custom roles allow organizations to delegate administrative tasks without assigning the default administrator role to multiple members.

The security privilege model is also used by the ArcGIS Server Administration REST API. Starting at 10.8.1, only members assigned specific administrative privileges can access the REST API. Access to other resources and operations is restricted based on the endpoints that are associated with, or required by, their role's privileges.

Privilege-based access

Members can only access certain endpoints in the ArcGIS Server Administration API based on the privileges assigned to their role. To learn more about these privileges, and the access they provide in an organization, see User types, roles, and privileges.

The following tables list the privileges that are authorized to access the ArcGIS Server Admin REST API.

Administrative privileges

Privilege categoryPrivileges

Content

  • Update
  • Delete

Portal Settings

  • Security and infrastructure
  • Servers
  • Organization webhooks

Webhooks

Geoprocessing

General privileges

Privilege categoryPrivileges

Content

Register data stores

Webhooks

Feature layer

Endpoint access

The following sections list the privileges necessary to access each endpoint in the ArcGIS Server Administration API.

Server Administration root

Default administrator role onlyPublisher roleUpdateDeleteSecurity and infrastructureServersGeoprocessingFeature layerRegister data stores
Server Administration Root
Create New Site
Export Site
Import Site
Delete Site
Join Site
Upgrade
Generate Token
Public Key
Full supportPartial supportNo support

    Machines

    Default administrator role onlyPublisher roleUpdateDeleteSecurity and InfrastructureServersGeoprocessingFeature layerRegister data stores
    Machines
    Register Machine
    Rename Machine
    Machine
    Edit Machine
    Start Machine
    Stop Machine
    Unregister Machine
    Synchronize With Site
    Machine Status
    Hardware Configuration
    SSL Certificates
    Generate Certificate
    Import Root Certificate
    Import Existing Server Certificate
    SSL Certificate
    Generate CSR
    Export Certificate
    Delete Certificate
    Import CA Signed Certificate
    Full supportPartial supportNo support

      Services

      Default administrator role onlyPublisher roleUpdateDeleteSecurity and InfrastructureServersGeoprocessingFeature layerRegister data stores
      Services
      Edit Folder
      Create Service
      Rename Service
      Can Create Service
      Create Folder
      Exists
      Start Services
      Stop Services
      Delete Services
      Export Services
      Import Services
      Federate
      Unfederate
      Types
      Type
      Extensions
      Register Extension
      Update Extension
      Unregister Extension
      Providers
      Permissions
      Add Permission
      Has Child Permissions Conflict
      Clean Permissions
      Service Report
      Default Service Properties
      Update Default Service Properties
      Webhooks
      System
      Utilities
      Service
      Service Status
      Start Service
      Stop Service
      Edit Service
      Change Provider
      Delete Service
      Service Statistics
      Item Information
      Edit Item Information
      Upload Item Information File
      Delete Item Information
      Lifecycle Information
      Webhooks
      Create Webhook
      Delete All
      Activate All
      Deactivate All
      Webhook
      Edit Webhook
      Delete Webhook
      Notification Status
      Jobs
      Job
      Query Jobs
      Purge Job Queue
      Job Statistics
      Delete Job
      Cancel Job
      Folder
      Delete Folder
      Full supportPartial supportNo support

        Security

        Default administrator role onlyPublisher roleUpdateDeleteSecurity and InfrastructureServersGeoprocessingFeature layerRegister data stores
        Security
        Users
        Get Users
        Search Users
        Add User
        Remove User
        Update User
        Assign Roles
        Remove Roles
        Get Privilege For User
        Roles
        Get Roles
        Search Roles
        Add Role
        Remove Role
        Update Role
        Get Roles For User
        Get Users Within Role
        Add Users To Role
        Remove Users From Role
        Assign Privilege
        Get Privilege For Role
        Get Roles By Privilege
        Tokens
        Update Token Configuration
        Security Configuration
        Update Security Configuration
        Update Identity Store
        Test Identity Store
        Change Server Role
        Primary Site Administrator
        Update Primary Site Administrator
        Enable Primary Site Administrator
        Disable Primary Site Administrator
        Full supportPartial supportNo support

          System

          Default administrator role onlyPublisher roleUpdateDeleteSecurity and InfrastructureServersGeoprocessingFeature layerRegister data stores
          System
          Server Properties
          Update Server Properties
          Server Directories
          Register Directory
          Register Directories
          Recover Server Directories
          Server Directory
          Unregister Directory
          Clean Directory
          Edit Directory
          Configuration Store
          Edit Configuration Store
          Recover Configuration Store
          Web Adaptors
          Web Adaptor Configuration
          Update Web Adaptors Configuration
          Web Adaptor
          Unregister Web Adaptor
          Handlers
          Rest Handler
          Rest Cache
          Clear Rest Cache
          Services Directory
          Edit Directory
          SOAP
          SOAP Handler Config
          Edit SOAP Handler Config
          Jobs
          Job
          Licenses
          Deployment
          Platform Services
          Compute Platform
          Start Compute Platform
          Stop Compute Platform
          Compute Platform Status
          Compute Platform Health Check
          Synchronization Service
          Start Synchronization Service
          Stop Synchronization Service
          Synchronization Service Status
          Synchronization Service Reset
          Full supportPartial supportNo support

            Data

            Default administrator role onlyPublisher roleUpdateDeleteSecurity and InfrastructureServersGeoprocessingFeature layerRegister data stores
            Data
            Register Data Item
            Unregister Data Item
            Validate Data Item
            Validate All Data Items
            Find Data Items
            Federate Data Item
            Root Data Item
            Lifecycle Information
            Edit Data Item
            Make Data Store Machine Primary
            Validate Data Store
            Remove Data Store Machine
            Start Data Store Machine
            Stop Data Store Machine
            Datastore Configuration
            Update Datastore Configuration
            Relational Data Store Types
            Register Relational Data Store Type
            Relational Data Store Type
            Edit Relational Data Store Type
            Unregister Relational Data Store Type
            Big Data File Share Manifest
            Big Data File Share Manifest Regeneration
            Big Data File Share Manifest Update
            Big Data File Share Hints
            Big Data File Share Hints Update
            Full supportPartial supportNo support

              Uploads

              Default administrator role onlyPublisher roleUpdateDeleteSecurity and InfrastructureServersGeoprocessingFeature layerRegister data stores
              Uploads
              Upload Item
              Register Item
              Item
              Upload Part
              Commit Item
              Delete Item
              Item Parts
              Full supportPartial supportNo support

                Logs

                Default administrator role onlyPublisher roleUpdateDeleteSecurity and InfrastructureServersGeoprocessingFeature layerRegister data stores
                Logs
                Query Logs
                Clean Logs
                Count Error Reports
                Log Settings
                Edit Log Settings
                Full supportPartial supportNo support

                  KML

                  Default administrator role onlyPublisher roleUpdateDeleteSecurity and InfrastructureServersGeoprocessingFeature layerRegister data stores
                  Kml
                  Create Kmz
                  Kmz File
                  Full supportPartial supportNo support

                    Info

                    Default administrator role onlyPublisher roleUpdateDeleteSecurity and InfrastructureServersGeoprocessingFeature layerRegister data stores
                    Info
                    Full supportPartial supportNo support

                      Mode

                      Default administrator role onlyPublisher roleUpdateDeleteSecurity and InfrastructureServersGeoprocessingFeature layerRegister data stores
                      Mode
                      Update Site Mode
                      Full supportPartial supportNo support

                        Usage report

                        Default administrator role onlyPublisher roleUpdateDeleteSecurity and InfrastructureServersGeoprocessingFeature layerRegister data stores
                        Usage Reports
                        Create Usage Report
                        Usage Reports Settings
                        Edit Usage Reports Settings
                        Usage Report
                        Edit Usage Report
                        Query Report Data
                        Delete Usage Report
                        Full supportPartial supportNo support