/[roleID]/privileges: Privileges | ArcGIS REST APIs

URL:: https://[root]/portals/[portalID]/roles/[roleID]/privileges
Methods:: GET

Example usage

The following is a sample request URL for an ArcGIS Online organization that is used to access the privileges resource:

Use dark colors for code blocksCopy
https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/roles/hzHOGSAky23XJu7Q/privileges?f=pjson

The following is a sample request URL for an ArcGIS Enterprise organization that is used to access the privileges resource:

Use dark colors for code blocksCopy
https://organization.example.com/<context>/sharing/rest/portals/0123456789ABCDEF/roles/hzHOGSAky23XJu7Q/privileges?f=pjson

Description

The privileges resource lists all privileges for a custom role.

For ArcGIS Enterprise organization members, the privileges they are assigned will determine whether they have access to the Portal Admin, Server Admin, and Enterprise Admin API directories. ArcGIS Enterprise organization members can only access the resources and operations associated with, or required by, their role's privileges. This restrictive access model allows organizations to continue to delegate administrative tasks without providing full administrative access. For more information on the fine-grained access model, see the related documentation for the Portal Admin, Server Admin, and Enterprise Admin APIs.

Request parameters

Parameter	Details
`[Common Parameters]`	For a complete listing, see Common parameters.

Response properties

Property Details

Property	Details
`id`	The ID of the role.
`privileges`	An array of strings with predefined permissions in each. Example Use dark colors for code blocksCopy `1 2 3 4 5 6 7 "privileges": [ "features:user:edit", "features:user:fullEdit", "opendata:user:designateGroup", "portal:admin:viewUsers", "portal:user:createGroup" ]`

id

The ID of the role.

privileges

An array of strings with predefined permissions in each.

Example

Use dark colors for code blocksCopy
"privileges": [
  "features:user:edit",
  "features:user:fullEdit",
  "opendata:user:designateGroup",
  "portal:admin:viewUsers",
  "portal:user:createGroup"
]

General privileges

The following tables outline the supported, general privileges in ArcGIS Online and ArcGIS Enterprise.

Members

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`portal:user:viewOrgUsers`			Grants the ability to view members of the organization.

Groups

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`portal:user:createGroup`			Grants the ability for a member to create, edit, and delete their own groups.
`portal:user:joinGroup`			Grants the ability to join groups within the organization.
`portal:user:joinNonOrgGroup`			Grants the ability to join groups external to the organization.
`portal:user:viewOrgGroups`			Grants the ability to view groups shared with the organization.
`portal:user:invitePartneredCollaborationMembers`			Grants the ability to invite members from partnered collaboration organizations to groups.
`portal:user:addExternalMembersToGroup`			Grants the ability to create groups that allow members from other organizations, as well as invite external members to groups.

Content

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`portal:user:createItem`			Grants the ability for a member to create, edit, and delete their own content.
`portal:publisher:publishFeatures`			Grants the ability to publish hosted feature layers from shapefiles, CSV files, and so on. This privilege is required when using apps that create hosted feature layers, such as ArcGIS Survey 123 and ArcGIS Workforce.
`portal:publisher:publishTiles`			Grants the ability to publish hosted tile layers from tile packages, features, and so on.
`portal:publisher:publishScenes`			Grants the ability to publish hosted scene layers.
`portal:publisher:publishTiledImagery`			Grants the ability to publish hosted tiled imagery layers from a single image or collection of images, and allows members to export a tile package from a hosted tiled imagery layer. This privilege requires an ArcGIS Image for ArcGIS Online user type extension license.
`portal:publisher:publishDynamicImagery`			Grants the ability to publish hosted dynamic imagery layers from a single image or collection of images. For ArcGIS Enterprise organizations, this privilege requires that your deployment be configured for raster analysis.
`portal:publisher:publishServerServices`			Grants the ability to publish ArcGIS Server web layers to ArcGIS Server sites that are federated with the portal. These services often reference registered data from geodatabases or file-based data sources. This privilege is also required for members who will bulk publish layers from a data store item.
`portal:publisher:publishKnowledgeGraph`			Grants the ability to publish hosted knowledge graphs in ArcGIS Pro. This privilege is only visible if an ArcGIS Knowledge Server is configured for your organization.
`portal:user:viewOrgItems`			Grants the ability to view content shared with the organization.
`portal:publisher:registerDataStores`			Grants the ability to add data store items to the portal.
`portal:publisher:bulkPublishFromDataStores`			Grants the owner of a database data store item the ability to publish feature and map layers from all feature classes and tables that can be accessed in the database.
`portal:user:viewTracks`			Grants the ability to view members' location tracks via shared track views when location tracking is enabled.
`portal:publisher:publishFeeds`			Grants the ability to publish feeds to collect and display real-time data using ArcGIS Velocity. This privilege applies only to the organizations with ArcGIS Velocity license.
`portal:publisher:publishRealTimeAnalytics`			Grants the ability to publish real-time analytics to analyze and process real-time data using ArcGIS Velocity. This privilege applies only to the organizations with ArcGIS Velocity license.
`portal:publisher:publishBigDataAnalytics`			Grants the ability to publish big data analytics to analyze historical observation data using ArcGIS Velocity. This privilege applies only to the organizations with ArcGIS Velocity license.
`premium:publisher:createNotebooks`			Grants the ability to create and edit interactive notebook documents. For ArcGIS Enterprise organizations, this privilege is only visible if ArcGIS Notebook Server is configured for your organization. This privilege is required for users who will be running web tools published from a notebook.
`premium:publisher:scheduleNotebooks`			Grants the ability to schedule notebooks. For ArcGIS Enterprise organizations, this privilege is only visible if ArcGIS Notebook Server is configured for your organization.
`portal:user:reassignItems`			Introduced at ArcGIS Enterprise 11.0. Grants a user the ability to reassign only their content to another member with the privilege to receive content.
`portal:user:receiveItems`			Introduced at ArcGIS Enterprise 11.0. Grants a user the ability to receive content that is reassigned to them by another member with the privilege to reassign content.
`portal:publisher:createDataPipelines`			Grants the ability to create, edit, and run data pipelines. ArcGIS Online organizations must have a subscription type that supports ArcGIS Data Pipelines. This privilege was introduced to ArcGIS Enterprise at 12.0. This privilege is only available to ArcGIS Enterprise organizations that have configured ArcGIS Data Pipelines for their organization. Beta ArcGIS Data Pipelines in ArcGIS Enterprise is currently in beta. While in beta, these features may not be feature complete and as such may have known performance or quality issues and will not be supported by Esri Technical Support. For more information on beta features in ArcGIS Enterprise, see Beta features.
`portal:publisher:PublishVideo`			Introduced at ArcGIS Enterprise 11.2. Grants a user the ability to publish hosted video layers from video file and supported video metadata files.
`portal:publisher:publishLivestreamVideo`			Introduced at ArcGIS Enterprise 11.2. Grants a user the ability to publish hosted livestream video layers sourced from network video broadcasts and streams.
`portal:user:generateApiTokens`			Introduced at ArcGIS Enterprise 11.4. Grants the ability for a member to generate API keys.
`portal:user:assignPrivilegesToApps`			Introduced at ArcGIS Enterprise 11.4. Grants ability for a member to assign privileges to OAuth 2.0 applications.

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`portal:user:shareToGroup`			Grants an organization member the ability to share their owned content with any groups to which they belong.
`portal:user:shareToOrg`			Grants organization members the ability to share any items they own with their organization.
`portal:user:shareToPublic`			Grants organization members the ability to share any items they own with everyone, including the public.
`portal:user:shareGroupToOrg`			Grants the ability for any group a member makes to be discoverable. It is recommended that this privilege be assigned to members who also have the `portal:user:createGroup` privilege as well.
`portal:user:shareGroupToPublic`			Grants the ability to make any group owned by an organization member visible to everyone in the organization, including the public and allowing for anonymous portal users to view the group. It is recommended that this privilege be assigned to members who also have the `portal:user:createGroup` privilege as well.
`opendata:user:designateGroup`			Grants the ability to designate groups in the organization as being available for use in Open Data.

Premium Content | Content and Analysis

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`premium:user:geocode`			Grants the ability to perform large-volume geocoding tasks with the Esri World Geocoder, such as publishing a CSV file of addresses as a hosted feature layer.
`premium:user:networkanalysis`			Grants the ability to perform network analysis tasks such as routing and drive-time areas.
`premium:user:spatialanalysis`			Grants the ability to perform spatial analysis tasks.
`premium:user:geoenrichment`			Grants the ability to geoenrich features.
`premium:user:demographics`			Grants the ability to make use of premium demographic data.
`premium:publisher:geoanalytics`			Grants the ability to perform GeoAnalytics tasks. Legacy The ArcGIS GeoAnalytics Server extension is deprecated with the release of ArcGIS Enterprise 11.4. The last ArcGIS Enterprise release with support for GeoAnalytics Server is 11.3.
`premium:publisher:rasteranalysis`			Grants the ability to perform imagery and raster analysis tasks such as calculating slope. This requires an ArcGIS Image for ArcGIS Online user type extension license.
`premium:user:featurereport`			Grants the ability to create feature reports in ArcGIS Survey123.
`premium:publisher:createAdvancedNotebooks`			Grants the ability to import and use ArcPy modules in notebooks.
`portal:user:runWebTool`			Grants the ability to run web tools published from notebooks.
`premium:user:places`			Grants the ability to perform local place, or point of interest search with the new places-service (beta). Available for developer subscriptions only.

Features

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`features:user:edit`			Grants the ability to edit features in editable layers based on a layer's permissions. For ArcGIS Enterprise organizations, this privilege also grants the ability to update schema on a knowledge graph layer.
`features:user:fullEdit`			Grants the ability to add, delete, and update features and attributes in a hosted feature layer regardless of the editing options enabled on the layer.

Version Management

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`features:user:manageVersions`			Grants the ability to view, alter, and delete all branch versions accessed through an ArcGIS Server web feature layer, as well as the ability to manage version locks. Note If this privilege is assigned in the front-end of ArcGIS Enterprise portal, the following privileges are assigned by default. Users assigned the `features:user:manageVersions` privilege and those from the list below are considered to be version administrators. `features:user:edit` `features:user:fullEdit`

Webhooks

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`portal:publisher:createFeatureWebhook`			Grants the ability to create, edit, and delete their own feature layer webhooks.

Administrative privileges

The following tables outline the supported, administrative privileges in ArcGIS Online and ArcGIS Enterprise

Members

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`portal:admin:viewUsers`			Grants the ability to view full member account information in the organization.
`portal:admin:updateUsers`			Grants the ability to update member account information, reset passwords, and assign or unassign member categories. Only members assigned the default administrator role can edit the password of another member who has also been assigned the default administrator role. A member with a custom role that includes `portal:admin:updateUsers` will not be able to update the password of a default administrator.
`portal:admin:deleteUsers`			Grants the ability to delete member accounts in the organization.
`portal:admin:inviteUsers`			Grants the ability to invite members to the organization.
`portal:admin:disableUsers`			Grants the ability to enable and disable member accounts in the organization.
`portal:admin:changeUserRoles`			Grants the ability to change the role a member is assigned in the organization; however, it does not grant the ability to promote a member to, or demote a member from, the default administrator role. That privilege is reserved for only members assigned the default administrator role.
`portal:admin:manageLicenses`			Grants the ability to manage licenses for organization members.
`portal:admin:updateMemberCategorySchema`			Grants the ability to configure the organization member category schema.

Groups

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`portal:admin:viewGroups`			Grants the ability to view all groups in the organization.
`portal:admin:updateGroups`			Grants the ability to update groups in the organization.
`portal:admin:deleteGroups`			Grants the ability to delete groups in the organization.
`portal:admin:reassignGroups`			Grants the ability to reassign groups to other members in the organization.
`portal:admin:assignToGroups`			Grants the ability to assign members to, and remove members from, groups in the organization.
`portal:admin:manageEnterpriseGroups`			Grants the ability to link group membership to organization-specific groups.
`portal:admin:createUpdateCapableGroup`			Grants the ability to create and own groups that allow group members to update al items in the group (shared update groups).
`portal:admin:createLeavingDisallowedGroup`			Introduced at 11.3. Grants the ability for members to create and own groups that do not allow members to leave (administrative groups).

Content

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`portal:admin:viewItems`			Grants the ability to view all content in the organization.
`portal:admin:updateItems`			Grants the ability to update and categorize content in the organization and edit hosted feature layers in your organization.
`portal:admin:deleteItems`			Grants the ability to delete content in the organization.
`portal:admin:reassignItems`			Grants the ability to reassign content to other members in the organization.
`portal:admin:updateItemCategorySchema`			Grants the ability to configure the organization content category schema.
`portal:publisher:publishServerGPServices`			Grants the ability to publish web tools to the organization.
`portal:admin:shareToOrg`			Grants the ability to share other members' content to the organization.
`portal:admin:shareToPublic`			Grants the ability to share other members' content to all users of the portal.
`portal:admin:createReports`			Introduced at 11.3. Grants the ability to create and manage administrative reports.

Marketplace subscriptions

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`marketplace:admin:manage`			Grants the ability to create listings and list items and manage subscriptions in ArcGIS Marketplace.
`marketplace:admin:purchase`			Grants the ability to request purchase information about apps and data in ArcGIS Marketplace.
`marketplace:admin:startTrial`			Grants the ability to start trial subscriptions in ArcGIS Marketplace.

Webhooks

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`portal:admin:createGPWebhook`			Grants the ability to create, edit, and delete geoprocessing webhooks.

Organization settings

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`portal:admin:manageSecurity`			Grants the ability to manage the portal's security settings.
`portal:admin:manageWebsite`			Grants the ability to manage the organization's website settings.
`portal:admin:manageCollaborations`			Grants the ability to manage the organization's collaborations.
`portal:admin:manageCredits`			Grants the ability to manage the organization's credit budgeting settings.
`portal:admin:manageRoles`			Grants the ability to manage the organization's member roles.
`portal:admin:manageServers`			Grants the ability to manage the portal's server settings.
`portal:admin:manageUtilityServices`			Grants the ability to manage the organization's utility service settings.
`portal:admin:manageWebhooks`			Grants the ability to create, edit, and delete organizational webhooks and manage all webhooks within the portal.

Open data

Privilege	ArcGIS Online	ArcGIS Enterprise	Description
`opendata:user:openDataAdmin`			Grants the ability to manage Open Data Sites for the organization.

JSON Response syntax

Use dark colors for code blocksCopy
{
  "id": "<role id>",
  "privileges": [
    "<privilege1>",
    "<privilege2>",
    "<privilege3>",
    "<privilege4>",
    "<privilege5>"
  ]
}

JSON Response example

Use dark colors for code blocksCopy
{
  "id": "hzHOGSAky23XJu7Q",
  "privileges": [
    "features:user:edit",
    "features:user:fullEdit",
    "opendata:user:designateGroup",
    "portal:admin:viewUsers",
    "portal:user:createGroup"
  ]
}

Example usage

Description

Request parameters

Response properties

General privileges

Members

Groups

Content

Sharing

Premium Content | Content and Analysis

Features

Version Management

Webhooks

Administrative privileges

Members

Groups

Content

Marketplace subscriptions

Webhooks

Organization settings

Open data

JSON Response syntax

JSON Response example