Description
The role store is a repository of roles (groups) and a mapping of users and roles. ArcGIS Server uses the roles and the mapping during authorization of a request. The authorization module fetches all the roles that have been assigned to a user and then computes the privileges as the sum total of all the privileges assigned to individual roles.
In addition to connecting to your enterprise role store such as Windows Domain or any other directory service that supports an LDAP interface, ArcGIS Server also ships with a built-in storage mechanism where you can create your roles and define a user-to-role mapping.
ArcGIS Server requires you to configure a role store while setting up security on your site.
Request parameters
LDAP Parameter | Details |
---|---|
| The LDAP URL pointing to the roles if roles are stored within the LDAP. Example
|
| The attribute of the role entry that contains user membership information. Example
|
| The attribute of the user entry that is to be treated as the username. Example
|
| The attribute of the role entry that is to be treated as the rolename. Example
|
| The administrative account to the LDAP that has at least read access. Example
|
| The credentials for the administrative account. Example
|
WINDOWS Parameter | Details |
---|---|
| The administrative account to the LDAP that has at least read access. Example
|
| The credentials for the administrative account. Example
|
CUSTOM Parameter | Details |
---|---|
| The fully qualified name of the Java class that implements custom access to the role store. Example
|
| Any custom properties that are required by your class. |
JSON Response syntax
{
"type": "<BUILTIN | WINDOWS | LDAP | CUSTOM>",
"properties": <properties>
}
JSON Response example
The JSON representation of a connection to LDAP:
{
"type": "LDAP",
"properties": {
"ldapURLForRoles": "ldap://server:389/dc=mydomain,dc=com???(&(objectClass=group))?",
"memberAttributeInRoles": "member",
"usernameAttribute": "name",
"rolenameAttribute": "name",
"adminUser": "cn=admin,cn=users,dc=mydomain,dc=com",
"adminUserPassword": "secret"
}
}
The JSON representation of a connection to Windows Domain roles:
{
"type": "WINDOWS",
"properties": {
"adminUser": "ourdomain\\myreadonlyaccount",
"adminUserPassword": "secret"
}
}