Role Store

Description

The role store is a repository of roles (groups) and a mapping of users and roles. ArcGIS Server uses the roles and the mapping during authorization of a request. The authorization module fetches all the roles that have been assigned to a user and then computes the privileges as the sum total of all the privileges assigned to individual roles.

In addition to connecting to your enterprise role store such as Windows Domain or any other directory service that supports an LDAP interface, ArcGIS Server also ships with a built-in storage mechanism where you can create your roles and define a user-to-role mapping.

ArcGIS Server requires you to configure a role store while setting up security on your site.

Request parameters

LDAP Parameter | Details

ldapURLForRoles

The LDAP URL pointing to the roles if roles are stored within the LDAP.

Example

"ldap://server:389/dc=mydomain,dc=com???(&(objectClass=group))?"

memberAttributeInRoles

The attribute of the role entry that contains user membership information.

Example

member

usernameAttribute

The attribute of the user entry that is to be treated as the username.

Example

name

rolenameAttribute

The attribute of the role entry that is to be treated as the rolename.

Example

name

adminUser

The administrative account to the LDAP that has at least read access.

Example

cn=admin,cn=users,dc=mydomain,dc=com

adminUserPassword

The credentials for the administrative account.

Example

secret

WINDOWS Parameter | Details

adminUser

The administrative account to the LDAP that has at least read access.

Example

cn=admin,cn=users,dc=mydomain,dc=com

adminUserPassword

The credentials for the administrative account.

Example

secret

CUSTOM Parameter | Details

class

The fully qualified name of the Java class that implements custom access to the role store.

Example

com.myorg.userstore.DBUserStore

...

Any custom properties that are required by your class.

JSON Response syntax

{
  "type": "<BUILTIN | WINDOWS | LDAP | CUSTOM>",
  "properties": <properties>
}

JSON Response example

The JSON representation of a connection to LDAP:

{
  "type": "LDAP",
  "properties": {
    "ldapURLForRoles": "ldap://server:389/dc=mydomain,dc=com???(&(objectClass=group))?",
    "memberAttributeInRoles": "member",
    "usernameAttribute": "name",
    "rolenameAttribute": "name",
    "adminUser": "cn=admin,cn=users,dc=mydomain,dc=com",
    "adminUserPassword": "secret"
  }
}

The JSON representation of a connection to Windows Domain roles:

{
  "type": "WINDOWS",
  "properties": {
    "adminUser": "ourdomain\\myreadonlyaccount",
    "adminUserPassword": "secret"
  }
}
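The following is an added example, not part of the Esri documentation: a small Python review helper that takes a role store JSON object in the shape shown above, splits ldapURLForRoles into its `?`-separated fields (base DN, attributes, scope, filter, extensions), reports missing properties, and masks adminUserPassword before the configuration is logged or shared. The function names, the ldaps:// check and the treatment of BUILTIN as needing no properties are assumptions of this example; the sample configuration is the LDAP example from this page.

```python
import copy
from urllib.parse import urlsplit

# Property names per type, taken from the parameter tables on this page.
# BUILTIN lists no parameters here, so none are required (assumption).
REQUIRED = {
    "LDAP": {"ldapURLForRoles", "memberAttributeInRoles", "usernameAttribute",
             "rolenameAttribute", "adminUser", "adminUserPassword"},
    "WINDOWS": {"adminUser", "adminUserPassword"},
    "CUSTOM": {"class"},
    "BUILTIN": set(),
}

def parse_ldap_url(url):
    """Split scheme://host:port/dn?attributes?scope?filter?extensions."""
    parts = urlsplit(url)
    attrs, scope, flt, ext = (parts.query.split("?") + [""] * 4)[:4]
    return {"scheme": parts.scheme.lower(), "host": parts.hostname,
            "port": parts.port, "base_dn": parts.path.lstrip("/"),
            "attributes": attrs, "scope": scope, "filter": flt, "extensions": ext}

def lint_role_store(cfg):
    """Return a list of findings for one role store configuration."""
    kind, props = cfg.get("type"), cfg.get("properties") or {}
    if kind not in REQUIRED:
        return [f"unknown role store type: {kind!r}"]
    findings = []
    missing = sorted(REQUIRED[kind] - set(props))
    if missing:
        findings.append("missing properties: " + ", ".join(missing))
    if kind == "LDAP" and "ldapURLForRoles" in props:
        url = parse_ldap_url(props["ldapURLForRoles"])
        if url["scheme"] != "ldaps":  # added hardening check, not from the page
            findings.append("ldapURLForRoles uses ldap:// rather than ldaps://")
        if not url["filter"]:
            findings.append("ldapURLForRoles has no search filter")
    return findings

def redact(cfg):
    """Copy of cfg with the bind password masked, safe to log."""
    safe = copy.deepcopy(cfg)
    if "adminUserPassword" in (safe.get("properties") or {}):
        safe["properties"]["adminUserPassword"] = "***"
    return safe

# Sample input: the LDAP example from this page.
SAMPLE_LDAP = {"type": "LDAP", "properties": {
    "ldapURLForRoles": "ldap://server:389/dc=mydomain,dc=com???(&(objectClass=group))?",
    "memberAttributeInRoles": "member", "usernameAttribute": "name",
    "rolenameAttribute": "name",
    "adminUser": "cn=admin,cn=users,dc=mydomain,dc=com",
    "adminUserPassword": "secret"}}
```
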
