Role Store

Description

The role store is a repository of roles (groups) and a mapping of users and roles. ArcGIS Server uses the roles and the mapping during authorization of a request. The authorization module fetches all the roles that have been assigned to a user and then computes the privileges as the sum total of all the privileges assigned to individual roles.

In addition to connecting to your enterprise role store such as Windows Domain or any other directory service that supports an LDAP interface, ArcGIS Server also ships with a built-in storage mechanism where you can create your roles and define a user-to-role mapping.

ArcGIS Server requires you to configure a role store while setting up security on your site.

Request parameters

LDAP Parameter	Details
`ldapURLForRoles`	The LDAP URL pointing to the roles if roles are stored within the LDAP. Example Use dark colors for code blocksCopy `1 "ldap://server:389/dc=mydomain,dc=com???(&(objectClass=group))?`
`memberAttributeInRoles`	The attribute of the role entry that contains user membership information. Example Use dark colors for code blocksCopy `1 member`
`usernameAttribute`	The attribute of the user entry that is to be treated as the username. Example Use dark colors for code blocksCopy `1 name`
`rolenameAttribute`	The attribute of the role entry that is to be treated as the rolename. Example Use dark colors for code blocksCopy `1 name`
`adminUser`	The administrative account to the LDAP that has at least read access. Example Use dark colors for code blocksCopy `1 cn=admin,cn=users,dc=mydomain,dc=com`
`adminUserPassword`	The credentials for the administrative account. Example Use dark colors for code blocksCopy `1 secret`

WINDOWS Parameter Details

WINDOWS Parameter	Details
`adminUser`	The administrative account to the LDAP that has at least read access. Example Use dark colors for code blocksCopy `1 cn=admin,cn=users,dc=mydomain,dc=com`
`adminUserPassword`	The credentials for the administrative account. Example Use dark colors for code blocksCopy `1 secret`

adminUser

The administrative account to the LDAP that has at least read access.

Example

Use dark colors for code blocksCopy
cn=admin,cn=users,dc=mydomain,dc=com

adminUserPassword

The credentials for the administrative account.

Example

Use dark colors for code blocksCopy
secret

CUSTOM Parameter Details

CUSTOM Parameter	Details
`class`	The fully qualified name of the Java class that implements custom access to the role store. Example Use dark colors for code blocksCopy `1 com.myorg.userstore.DBUserStore`
`...`	Any custom properties that are required by your class.

class

The fully qualified name of the Java class that implements custom access to the role store.

Example

Use dark colors for code blocksCopy
com.myorg.userstore.DBUserStore

...

Any custom properties that are required by your class.

JSON Response syntax

Use dark colors for code blocksCopy
{
		"type": "<BUILTIN | WINDOWS | LDAP | CUSTOM>",
		"properties": <properties>
	}

JSON Response example

The JSON representation of a connection to LDAP:

Use dark colors for code blocksCopy
{
	 "type": "LDAP",
	 "properties": {
		  "ldapURLForRoles": "ldap://server:389/dc=mydomain,dc=com???(&(objectClass=group))?",
		  "memberAttributeInRoles": "member",
		  "usernameAttribute": "name",
		  "rolenameAttribute": "name",
		  "adminUser": "cn=admin,cn=users,dc=mydomain,dc=com",
		  "adminUserPassword": "secret"
	 }
}

The JSON representation of a connection to Windows Domain roles:

Use dark colors for code blocksCopy
{
	 "type": "WINDOWS",
	 "properties": {
		  "adminUser": "ourdomain\\myreadonlyaccount",
		  "adminUserPassword": "secret"
	 }
}