Privileges

Privileges are a set of strings used to manage access to secure resources in ArcGIS. They are assigned to two types of entities:

  1. ArcGIS accounts used by ArcGIS users.
  2. Access tokens used by applications.

Privileges for accounts

All ArcGIS accounts have a list of privileges associated with them that determine the services, content, and operations the user is authorized to access.

All ArcGIS Location Platform accounts have a predefined list of privileges assigned when your Location Platform account is created. For a full list, go to List of privileges > ArcGIS Location Platform.

Privileges for access tokens

Applications use access tokens to access and perform operations with ArcGIS resources. All access tokens have privileges associated with them that determine the services, content, and operations they are authorized to access.

How privileges are granted to an access token depends on the type of authentication and developer credential you use. API key and app authentication allow you to set the privileges in your portal with developer credentials. User authentication assigns an access token privileges based on the user type and roles associated with the signed-in user account.

Type of authenticationType of developer credentialPrivilege management
API key authenticationAPI key credentialsPrivileges are granted using an item in your portal.
App authenticationOAuth credentialsPrivileges are granted using an item in your portal.
User authenticationOAuth credentialsPrivileges are inherited from the account when an ArcGIS user signs in.

Credentials with privileges

Developer credentials with privileges are supported in ArcGIS Location Platform, ArcGIS Online, and ArcGIS Enterprise. They are used to implement API key authentication and App authentication.

Privilege scopes

All privileges have a scope that describes the capabilities and level of permissions required to perform an operation. There are two types of scopes for privileges:

  • Standard scope: Privileges that do not require additional permissions from your account to perform operations. For example, accessing ArcGIS services or ArcGIS Location Services. These can be used to build public applications.

  • Personal scope: Privileges that require additional permissions from your account to perform operations. For example, creating items or performing administration tasks in your portal. These can only be used to build personal applications and automation scripts or private applications for your organization.

The following table shows the scope for each group of privileges:

Item access privilegesLocation service privilegesAnalysis privilegesPortal privileges (General)Portal privileges (Admin)
Standard scope
Personal scope
Full supportPartial supportNo support

    List of privileges

    The privileges available depend on the type of ArcGIS product and account you have, and the roles assigned to your account. The following table lists categories of privileges available for different products:

    ArcGIS Location PlatformArcGIS OnlineArcGIS Enterprise
    CategoryLabelPrivilege stringDescription
    BasemapsBasemap styles servicepremium:user:basemapsAllow application to access the basemap styles service. Learn more
    BasemapsStatic basemap tiles (beta)premium:user:staticbasemaptilesAllow application to access the static basemap tiles service. Learn more
    Data enrichmentGeoEnrichment servicepremium:user:geoenrichmentAllow application to access the GeoEnrichment service. Learn more
    ElevationElevation service (beta)premium:user:elevationAllow application to access the elevation service.
    GeocodingGeocode (stored)premium:user:geocode:storedAllow application to access the geocoding service and perform stored geocodes. Learn more
    GeocodingGeocode (not stored)premium:user:geocode:temporaryAllow application to access the geocoding service and perform geocodes that are not stored. Learn more
    PlacesPlace findingpremium:user:placesAllow application to access the places service. Learn more
    RoutingRoutingpremium:user:networkanalysis:routingAllow application to access the routing service and perform standard routing operations. Learn more
    RoutingClosest facilitypremium:user:networkanalysis:closestfacilityAllow application to access the routing service and perform closest facility routing operations. Learn more
    RoutingLocation allocationpremium:user:networkanalysis:locationallocationAllow application to access the routing service and perform location allocation operations. Learn more
    RoutingOptimized routingpremium:user:networkanalysis:optimizedroutingAllow application to access the routing service and perform optimized routing operations. Learn more
    RoutingOrigin/destination cost matrixpremium:user:networkanalysis:origindestinationcostmatrixAllow application to access the routing service and generate travel cost matrices. Learn more
    RoutingService areapremium:user:networkanalysis:serviceareaAllow application to access the routing service and generate service areas. Learn more
    RoutingMulti-vehicle routingpremium:user:networkanalysis:vehicleroutingAllow application to access the routing service and perform fleet routing operations. Learn more
    RoutingLast milepremium:user:networkanalysis:lastmiledeliveryAllow application to access the routing service and perform routing operations for last mile delivery. Learn more
    CategoryLabelPrivilege stringDescription
    BasemapsBasemap styles servicepremium:user:basemapsAllow application to access the basemap styles service. Learn more
    Data enrichmentGeoEnrichment servicepremium:user:geoenrichmentAllow application to access the GeoEnrichment service. Learn more
    GeocodingGeocode servicepremium:user:geocodeAllow application to access the geocoding service. Learn more
    RoutingRouting (Network analysis)premium:user:networkanalysisAllow application to access the routing service. Learn more

    Tutorials

    Create an API key

    Create and configure API key credentials to get a long-lived API key access token.


    Create OAuth credentials for user authentication

    Create and configure OAuth credentials to set up user authentication.


    Create OAuth credentials for app authentication

    Create and configure OAuth credentials to set up app authentication.


    Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.