- URL:
- https://<root>/security/roles
- Methods:
GET- Operations:
- Add, Add Users to Role, Assign Privilege, Get Privilege, Get Roles, Get Roles By Privilege, Get Roles For User, Get Users Within Role, Remove, Remove Users From Role, Search, Update
- Version Introduced:
- 10.1
Access requirements
Required privileges
The Sever Administrator API requires privilege-based access. An administrator must be assigned a specific user privilege, or role, to access any given endpoint. Listed below are the user privileges or roles an administrator can be assigned that provides access to this endpoint. If multiple privileges are listed, only one needs to be assigned to gain access.
Note that administrators assigned a custom role must also have the administrative View all content privilege assigned to them to access the API directory as an administrator. Additonally, any custom roles that include a webhook-related privilege must also include the general Publish server-based layers content privilege.
Tokens
This API requires token-based authentication. A token is automatically generated for administrators who sign in to the Server Administrator API directory's HTML interface. Tokens generated in this way are stored for the entirety of the session.
Those accessing the API directory outside of the HTML interface will need to acquire a session token from the generate operation in the Portal Directory API. For security reasons, all POST requests made to the Server Administrator API must include a token in the request body.
Description
The roles resource represents all roles available in the role store. The ArcGIS Server security model supports a role-based access control in which each role can be assigned certain permissions (privileges) to access one or more resources. Users are assigned to these roles. The server then authorizes each requesting user based on all the roles assigned to the user.
As the role space could be potentially large, you can use the paged Get Roles operation to iterate through the list of roles, or you can use the Search Roles operation to search for a specific role.
ArcGIS Server is capable of connecting to your enterprise identity stores such as Active Directory or other directory services exposed via the LDAP protocol. Such identity stores are treated as read-only stores and ArcGIS Server does not attempt to update them. As a result, operations that need to update the role store (such as adding roles, removing roles, updating roles) are not supported when the role store is read-only. On the other hand, you can configure your ArcGIS Server to use the default role store shipped with the server, which is treated as a read-write store.
The total numbers of roles are returned in the response.
Request parameters
| Parameter | Description |
|---|---|
| The response format. The default response format is Values: |
Example usage
The following is a sample request URL used to access the roles resource:
https://organization.example.com/<context>/admin/security/roles?f=pjsonJSON Response example
{"isReadOnly": true}