- URL:https://[root]/portals/[portalID]/roles/[roleID]/setPrivileges(POST only)
Example usage
Below is a sample ArcGIS Online request URL for the setPrivileges operation:
POST /sharing/rest/portals/0123456789ABCDEF/roles/edgebRxFLiLt15df/setPrivileges HTTP/1.1
Host: org.arcgis.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []
privileges={"privileges": ["portal:user:createItem","portal:user:joinGroup"]}&f=pjsonBelow is a sample ArcGIS Enterprise request URL for the setPrivileges operation:
POST /webadaptor/sharing/rest/portals/0123456789ABCDEF/roles/edgebRxFLiLt15df/setPrivileges HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []
privileges={"privileges": ["portal:user:createItem","portal:user:joinGroup"]}&f=pjsonDescription
The Set Role Privileges operation (POST only) allows default organization administrators to set privileges for a custom role.
Request parameters
| Parameter | Details |
|---|---|
| privileges | A JSON object that contains an array of strings with predefined permissions within each. See Supported privileges with predefined permissions section below for all available role privileges. Example |
| f | The response format. The default format is html. Values: html | json | pjson |
ArcGIS Online supported privileges
The following sections outline the supported privileges in ArcGIS Online that have predefined permissions.
General privileges
Members
| Privilege | Description |
|---|---|
| portal:user:viewOrgUsers | Grants the ability to view members of the organization. |
Groups
| Privilege | Description |
|---|---|
| portal:user:createGroup | Grants the ability for a member to create, edit, and delete their own groups. |
| portal:user:joinGroup | Grants the ability to join groups in the organization. |
| portal:user:joinNonOrgGroup | Grants the ability to join groups external to the organization. |
| portal:user:viewOrgGroups | Grants the ability to view groups shared with the organization. |
| portal:user:invitePartneredCollaborationMembers | Grants the ability to invite members from partnered collaboration organizations to groups. |
| portal:user:addExternalMembersToGroup | Grants the ability to create groups that allow members from other organizations, as well as invite external members to groups. |
Content
| Privilege | Description |
|---|---|
| portal:user:createItem | Grants the ability for a member to create, edit, and delete their own content. |
| portal:publisher:publishFeatures | Grants the ability to publish hosted feature layers from shapefiles, CSV files, and so on. |
| portal:publisher:publishTiles | Grants the ability to publish hosted tile layers from tile packages, features, and so on. |
| portal:publisher:publishScenes | Grants the ability to publish hosted scene layers. |
| portal:publisher:publishDynamicImagery | Grants the ability to publish hosted dynamic imagery layers from a single image or collection of images. |
| portal:user:viewOrgItems | Grants the ability to view content shared with the organization. |
| premium:publisher:createNotebooks | Grants the ability to create and edit interactive notebook documents. |
| premium:publisher:scheduleNotebooks | Grants the ability to schedule notebooks. |
| portal:user:viewTracks | Grants the ability to view members' location tracks via shared track views when location tracking is enabled. |
| portal:user:reassignItems | Introduced at ArcGIS Enterprise 11.0—Grants a user the ability to reassign only their content to another member with the privilege to receive content. |
| portal:user:receiveItems | Introduced at ArcGIS Enterprise 11.0—Grants a user the ability to receive content that is reassigned to them by another member with the privilege to reassign content. |
Sharing
| Privilege | Description |
|---|---|
| portal:user:shareToGroup | Grants the ability to share content to groups. |
| portal:user:shareToOrg | Grants the ability to share content to the organization. |
| portal:user:shareToPublic | Grants the ability to share content to all users of the portal. |
| portal:user:shareGroupToOrg | Grants the ability to make groups discoverable by the organization. |
| portal:user:shareGroupToPublic | Grants the ability to make groups discoverable by all users of the portal. |
| opendata:user:designateGroup | Grants the ability to designate groups in the organization as being available for use in Open Data. |
Premium content
| Privilege | Description |
|---|---|
| premium:user:geocode | Grants the ability to perform large-volume geocoding tasks with the Esri World Geocoder, such as publishing a CSV file of addresses as a hosted feature layer. |
| premium:user:networkanalysis | Grants the ability to perform network analysis tasks such as routing and drive-time areas. |
| premium:user:spatialanalysis | Grants the ability to perform spatial analysis tasks. |
| premium:user:geoenrichment | Grants the ability to geoenrich features. |
| premium:user:demographics | Grants the ability to make use of premium demographic data. |
| premium:user:featurereport | Grants the ability to create feature reports in ArcGIS Survey123. |
| premium:publisher:createAdvancedNotebooks | Grants the ability to import and use ArcPy modules in notebooks. |
| premium:user:places | Grants the ability to perform local place, or point of interest search with the new places-service (beta). Available for developer subscriptions only. |
Features
| Privilege | Description |
|---|---|
| features:user:edit | Grants the ability to edit features in editable layers, according to the edit options enabled on the layer. |
| features:user:fullEdit | Grants the ability to add, delete, and update features in a hosted feature layer regardless of the editing options enabled on the layer. |
Administrative privileges
Members
| Privilege | Description |
|---|---|
| portal:admin:viewUsers | Grants the ability to view full member account information in the organization. |
| portal:admin:updateUsers | Grants the ability to update member account information and categorize members in the organization. |
| portal:admin:deleteUsers | Grants the ability to delete member accounts in the organization. |
| portal:admin:inviteUsers | Grants the ability to invite members to the organization. |
| portal:admin:disableUsers | Grants the ability to enable and disable member accounts in the organization. |
| portal:admin:changeUserRoles | Grants the ability to change the role a member is assigned in the organization; however, it does not grant the ability to promote a member to, or demote a member from, the Administrator role. That privilege is reserved for the Administrator role alone. |
| portal:admin:manageLicenses | Grants the ability to assign licenses to members of the organization. |
| portal:admin:updateMemberCategorySchema | Grants the ability to configure the organization member category schema. |
Groups
| Privilege | Description |
|---|---|
| portal:admin:viewGroups | Grants the ability to view all groups in the organization. |
| portal:admin:updateGroups | Grants the ability to update groups in the organization. |
| portal:admin:deleteGroups | Grants the ability to delete groups in the organization. |
| portal:admin:reassignGroups | Grants the ability to reassign groups to other members in the organization. |
| portal:admin:assignToGroups | Grants the ability to assign members to, and remove members from, groups in the organization. |
| portal:admin:manageEnterpriseGroups | Grants the ability to link group membership to an enterprise group. |
| portal:admin:createUpdateCapableGroup | Grants the ability to create and own groups with item update capabilities. |
Content
| Privilege | Description |
|---|---|
| portal:admin:viewItems | Grants the ability to view all content in the organization. |
| portal:admin:updateItems | Grants the ability to update and categorize content in the organization and edit hosted feature layers in your organization. |
| portal:admin:deleteItems | Grants the ability to delete content in the organization. |
| portal:admin:reassignItems | Grants the ability to reassign content to other members in the organization. |
| portal:admin:updateItemCategorySchema | Grants the ability to configure the organization content category schema. |
| portal:admin:shareToOrg | Grants the ability to share other members' content to the organization. |
| portal:admin:shareToPublic | Grants the ability to share other members' content to all users of the portal. |
ArcGIS Marketplace subscriptions
| Privilege | Description |
|---|---|
| marketplace:admin:manage | Grants the ability to create listings and list items and manage subscriptions in ArcGIS Marketplace. |
| marketplace:admin:purchase | Grants the ability to request purchase information about apps and data in ArcGIS Marketplace. |
| marketplace:admin:startTrial | Grants the ability to start trial subscriptions in ArcGIS Marketplace. |
Organization settings
| Privilege | Description |
|---|---|
| portal:admin:manageSecurity | Grants the ability to manage the organization's security and infrastructure settings. |
| portal:admin:manageWebsite | Grants the ability to manage the organization's website settings. |
| portal:admin:manageCollaborations | Grants the ability to manage the organization's collaborations. |
| portal:admin:manageCredits | Grants the ability to manage the organization's credit budgeting settings. |
| portal:admin:manageRoles | Grants the ability to manage the organization's member roles. |
| portal:admin:manageUtilityServices | Grants the ability to manage the organization's utility service settings. |
Open data
| Privilege | Description |
|---|---|
| opendata:user:openDataAdmin | Grants the ability to manage Open Data Sites for the organization. |
ArcGIS Enterprise supported privileges
The following sections outline the supported privileges in ArcGIS Enterprise that have predefined permissions.
General privileges
Members
| Privilege | Description |
|---|---|
| portal:user:viewOrgUsers | Grants the ability to view members of the organization. |
Groups
| Privilege | Description |
|---|---|
| portal:user:createGroup | Grants the ability for a member to create, edit, and delete their own groups. |
| portal:user:joinGroup | Grants the ability to request to join groups in the organization. |
| portal:user:viewOrgGroups | Grants the ability to discover groups that are configured to allow portal members to view them. |
Content
| Privilege | Description |
|---|---|
| portal:user:createItem | Grants the ability for a member to create, edit, and delete their own content. |
| portal:publisher:publishFeatures | Grants the ability to publish hosted feature layers from shapefiles, CSV files, and apps like ArcGIS Pro. This privilege is required when using apps that create hosted feature layers, such as ArcGIS Survey 123 and ArcGIS Workforce. |
| portal:publisher:publishTiles | Grants the ability to publish hosted tile layers to the portal from tile packages or apps like ArcGIS Pro. |
| portal:publisher:publishScenes | Grants the ability to publish hosted scene layers from within the portal and from apps like ArcGIS Pro. |
| portal:publisher:publishDynamicImagery | Grants the ability to publish hosted dynamic imagery layers from a single image or collection of images. Note:This privilege requires that your deployment be configured for raster analysis. |
| portal:publisher:publishServerServices | Grants the ability to publish ArcGIS Server web layers to ArcGIS Server sites that are federated with the portal. These services often reference registered data from geodatabases or file-based data sources. This privilege is also required for members who will bulk publish layers from a data store item. |
| portal:publisher:publishKnowledgeGraph | Grants the ability to publish hosted knowledge graphs in ArcGIS Pro. This privilege is only visible if an ArcGIS Knowledge Server is configured for your organization. |
| portal:user:viewOrgItems | Grants the ability to view content shared with the organization. |
| portal:publisher:registerDataStores | Grants the ability to add data store items to the portal. |
| portal:publisher:bulkPublishFromDataStores | Grants the owner of a database data store item the ability to publish feature and map layers from all feature classes and tables that can be accessed in the database. |
| portal:user:viewTracks | Grants the ability to view members' location tracks via shared track views when location tracking is enabled. |
| premium:publisher:createNotebooks | Grants the ability to open and run notebooks, including shared notebooks and notebooks created from a notebook file that has been imported to the portal, and create and edit notebooks using the ArcGIS Notebooks Standard runtime. This privilege is only visible if Notebook Server is configured for your organization. Note:This privilege is required for users who will be running web tools published from a notebook. |
| premium:publisher:scheduleNotebooks | Grants the ability to schedule future runs of ArcGIS Notebooks. This privilege is only visible if Notebook Server is configured for your organization. |
| portal:user:reassignItems | Introduced at ArcGIS Enterprise 11.0—Grants a user the ability to reassign only their content to another member with the privilege to receive content. |
| portal:user:receiveItems | Introduced at ArcGIS Enterprise 11.0—Grants a user the ability to receive content that is reassigned to them by another member with the privilege to reassign content. |
Sharing
| Privilege | Description |
|---|---|
| portal:user:shareToGroup | Grants an organization member the ability to share their owned content with any groups to which they belong. |
| portal:user:shareToOrg | Grants organization members the ability to share any items they own with their organization. |
| portal:user:shareToPublic | Grants organization members the ability to share any items they own with everyone, including the public. |
| portal:user:shareGroupToOrg | Grants the ability for any group a member makes to be discoverable. It is recommended that this privilege be assigned to members who also have the portal:user:createGroup privilege as well. |
| portal:user:shareGroupToPublic | Grants the ability to make any group owned by an organization member visible to everyone in the organization, including the public and allowing for anonymous portal users to view the group. It is recommended that this privilege be assigned to members who also have the portal:user:createGroup privilege as well. |
Content and Analysis
| Privilege | Description |
|---|---|
| premium:user:geocode | Grants the ability to use ArcGIS World Geocoding Service convert addresses or places to map points and store the results. |
| premium:user:networkanalysis | Grants the ability to perform network analysis tasks such as routing and drive-time areas. |
| premium:user:spatialanalysis | Grants the ability to perform spatial analysis tasks, such as creating buffers. |
| premium:user:geoenrichment | Grants the ability to use the GeoEnrichment service to access demographic information. |
| premium:publisher:geoanalytics | Grants the ability to perform GeoAnalytics tasks. |
| premium:publisher:rasteranalysis | Grants the ability to use raster analysis tools. This privilege requires that your deployment be configured for raster analysis. |
| premium:publisher:createAdvancedNotebooks | Grants the ability to author notebooks using advanced runtimes. This privilege is only available if Notebook Server is configured for your organization. |
Grants the ability to run web tools published from notebooks. This privilege is only available if Notebook Server is configured for your organization. |
Features
| Privilege | Description |
|---|---|
| features:user:edit | Grants the ability to edit features based on a layer's permissions and update schema on a knowledge graph layer. |
| features:user:fullEdit | Grants the ability to add, delete, and update features and attributes in a hosted feature layer regardless of the editing options enabled on the layer. |
Version management
| Privilege | Description |
|---|---|
| features:user:manageVersions | Grants the ability to view, alter, and delete all branch versions accessed through an ArcGIS Server web feature layer, as well as the ability to manage version locks. Note:If this privilege is assigned in the front-end of ArcGIS Enterprise portal, the following privileges are assigned by default. Users assigned the features:user:manageVersions privilege and those from the list below are considered to be version administrators.
|
Webhooks
| Privilege | Description |
|---|---|
| portal:publisher:createFeatureWebhook | Grants the ability to create, edit, and delete their own feature layer webhooks. |
Administrative privileges
Members
| Privilege | Description |
|---|---|
| portal:admin:viewUsers | Grants the ability to view full member account information in the organization. |
| portal:admin:updateUsers | Grants the ability to update member account information, reset passwords, and assign or unassign member categories. Note:Only members assigned the default administrator role can edit another member's password who has also been assigned the default administrator role. A member with a custom role that includes portal:admin:updateUsers will not be able to update the password of a default administrator. |
| portal:admin:deleteUsers | Grants the ability to delete member accounts in the organization. |
| portal:admin:inviteUsers | Grants the ability to add members to the organization. |
| portal:admin:disableUsers | Grants the ability to enable and disable member accounts in the organization. |
| portal:admin:changeUserRoles | Grants the ability to change the role a member is assigned in the organization; however, it does not grant the ability to promote a member to, or demote a member from, the default administrator role. That privilege is reserved for only members assigned the default administrator role. |
| portal:admin:manageLicenses | Grants the ability to manage licenses for organization members. |
| portal:admin:updateMemberCategorySchema | Grants the ability to configure the organization member category schema. |
Groups
| Privilege | Description |
|---|---|
| portal:admin:viewGroups | Grants the ability to view all groups in the organization. |
| portal:admin:updateGroups | Grants the ability to update member-owned groups in the organization. |
| portal:admin:deleteGroups | Grants the ability to delete member-owned groups in the organization. |
| portal:admin:reassignGroups | Grants the ability to reassign groups to other members in the organization. |
| portal:admin:assignToGroups | Grants the ability to assign members to, and remove members from, groups in the organization. |
| portal:admin:manageEnterpriseGroups | Grants the ability to link group membership to organization-specific groups. |
| portal:admin:createUpdateCapableGroup | Grants the ability to create and own groups that allow group members to update al items in the group (shared update groups). |
Content
| Privilege | Description |
|---|---|
| portal:admin:viewItems | Grants the ability to view all member content in the organization. |
| portal:admin:updateItems | Grants the ability to update and categorize member content in the organization. |
| portal:admin:deleteItems | Grants the ability to delete member owned content. |
| portal:admin:reassignItems | Grants the ability to reassign content to other members in the organization. |
| portal:admin:updateItemCategorySchema | Grants the ability to configure the organization content category schema. |
| portal:publisher:publishServerGPServices | Grants the ability to publish web tools created in ArcGIS Pro to a federated server or publish web tools from a notebook. |
| portal:admin:shareToOrg | Grants the ability to share content owned by other members of your organization with the organization. |
| portal:admin:shareToPublic | Grants the ability to share other members' content to all users of the portal. |
Webhooks
| Privilege | Description |
|---|---|
| portal:admin:createGPWebhook | Grants the ability to create, edit, and delete geoprocessing webhooks. |
Organization settings
| Privilege | Description |
|---|---|
| portal:admin:manageSecurity | Grants the ability to manage the portal's security settings. |
| portal:admin:manageWebsite | Grants the ability to manage the organization's website settings. |
| portal:admin:manageCollaborations | Grants the ability to manage the organization's collaborations. |
| portal:admin:manageRoles | Grants the ability to manage the organization's member roles. |
| portal:admin:manageServers | Grants the ability to manage the portal's server settings. |
| portal:admin:manageUtilityServices | Grants the ability to manage the organization's utility service settings. |
| portal:admin:manageWebhooks | Grants the ability to create, edit, and delete organizational webhooks and manage all webhooks within the portal. |
Response properties
| Property | Details |
|---|---|
| success | Indicates if the operation was successful. |
JSON Response syntax
{
"success": <true | false>
}JSON Response example
{
"success": true
}