ArcGIS Enterprise provides multiple ways for organizations to manage how their members access and interact with the portal and its content. One way organizations can manage their members' access is by assigning them specific privileges through default or custom roles. Privileges allow members to perform different tasks and workflows for an organization, such as allowing specific users to create and publish content while others can only view content.
At 10.7.1, organizations were able to create custom roles that included administrative privileges, such as the ability to manage the portal's look and feel or it's security configuration. Through these custom roles, organizations were able to delegate administrative tasks without having to assign the default administrator role to multiple members.
At 10.8, access to the Portal Administrator API is based on these same privileges. Members can only access the resources and operations associated with, or required by, their role's privileges. This restrictive access model allows organizations to continue to delegate administrative tasks without providing full administrative access.
Privilege-based access
Members will only be able to access certain endpoints in the Portal Administrator API based on the privileges assigned to their role. Resources and operations that are not accessible to members based on their assigned privileges will either be inaccessible through the UI or will return an error message when users with unauthorized privileges attempt to access them.
The table below shows which administrative privileges are authorized to access the Portal Administrator REST API:
| Administrative privilege category | Privilege name |
|---|---|
Members |
|
Groups |
|
Portal Settings |
|
Endpoint access
The following tables specify the required privileges for the most recent version of ArcGIS Enterprise. To see which privileges apply to the specific ArcGIS Enterprise version you are using, see your deployment's ArcGIS Portal Admin API installed help.
Portal Administrator root
| Default administrator role only | Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services | |
|---|---|---|---|---|---|---|---|---|---|---|
| Portal Administration Root | ||||||||||
| Create New Site | ||||||||||
| Upgrade | ||||||||||
| Export Site | ||||||||||
| Import Site | ||||||||||
| Join Site | ||||||||||
| Info | ||||||||||
| Backup Restore Information |
System
| Default administrator role only | Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services | |
|---|---|---|---|---|---|---|---|---|---|---|
| System | ||||||||||
| Web Adaptors | ||||||||||
| Web Adaptor | ||||||||||
| Unregister Web Adaptor | ||||||||||
| Web Adaptor Configuration | ||||||||||
| Update Web Adaptors Configuration | ||||||||||
| Directories | ||||||||||
| Directory | ||||||||||
| Edit Directory | ||||||||||
| Database | ||||||||||
| Update Database Account | ||||||||||
| Database Settings | ||||||||||
| Edit Database Settings | ||||||||||
| Indexer | ||||||||||
| Indexer Status | ||||||||||
| Reindex | ||||||||||
| System Properties | ||||||||||
| Update System Properties | ||||||||||
| Languages | ||||||||||
| Update Languages | ||||||||||
| Content | ||||||||||
| Content Configuration | ||||||||||
| Update Content Configuration | ||||||||||
| Email Settings | ||||||||||
| Update Email Settings | ||||||||||
| Test Email Settings | ||||||||||
| Delete Email Settings |
Security
| Default administrator role only | Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services | |
|---|---|---|---|---|---|---|---|---|---|---|
| Security | ||||||||||
| Users | ||||||||||
| Create User | ||||||||||
| Get Enterprise User | ||||||||||
| Update Enterprise User | ||||||||||
| Search Enterprise Users | ||||||||||
| Refresh User Membership | ||||||||||
| Groups | ||||||||||
| Search Enterprise Groups | ||||||||||
| Refresh Group Membership | ||||||||||
| Get Users Within Enterprise Group | ||||||||||
| Get Enterprise Groups for User | ||||||||||
| Token Configuration | ||||||||||
| Update Token Configuration | ||||||||||
| OAuth | ||||||||||
| Change App ID | ||||||||||
| Get App Info | ||||||||||
| Update App Info | ||||||||||
| Security Configuration | ||||||||||
| Update Security Configuration | ||||||||||
| Update Identity Store | ||||||||||
| Test Identity Store | ||||||||||
| Test Identity Store | ||||||||||
| SSL Certificates | ||||||||||
| SSL Certificate | ||||||||||
| Generate CSR | ||||||||||
| Export Certificate | ||||||||||
| Delete Certificate | ||||||||||
| Import Signed Certificate | ||||||||||
| Update Web Server Certificate | ||||||||||
| Generate Certificate | ||||||||||
| Import Root or Intermediate Certificate | ||||||||||
| Import Existing Certificate |
Federation
| Default administrator role only | Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services | |
|---|---|---|---|---|---|---|---|---|---|---|
| Federation | ||||||||||
| Federation Servers | ||||||||||
| Federated Servers | ||||||||||
| Federated Server | ||||||||||
| Validate Server | ||||||||||
| Update Server | ||||||||||
| Unfederate Server | ||||||||||
| Federate Servers | ||||||||||
| Validate Servers |
Logs
| Default administrator role only | Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services | |
|---|---|---|---|---|---|---|---|---|---|---|
| Logs | ||||||||||
| Query Logs | ||||||||||
| Clean Logs | ||||||||||
| Log Settings | ||||||||||
| Edit Log Settings |
Machines
| Default administrator role only | Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services | |
|---|---|---|---|---|---|---|---|---|---|---|
| Machines | ||||||||||
| Status | ||||||||||
| Unregister Machine | ||||||||||
| Machine | ||||||||||
| Machine Status | ||||||||||
| SSL Certificates | ||||||||||
| Update Web Server Certificate | ||||||||||
| Generate Certificate | ||||||||||
| Import Root Or Intermediate Certificate | ||||||||||
| Import Existing Server Certificate | ||||||||||
| SSL Certificate | ||||||||||
| Generate CSR | ||||||||||
| Export Certificate | ||||||||||
| Delete Certificate | ||||||||||
| Import Signed Certificate | ||||||||||
| Hardware Info |
License
| Default administrator role only | Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services | |
|---|---|---|---|---|---|---|---|---|---|---|
| License | ||||||||||
| Get Future License | ||||||||||
| Validate License | ||||||||||
| Import License | ||||||||||
| Release License | ||||||||||
| Populate License | ||||||||||
| Update License Manager |
Mode
| Default administrator role only | Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services | |
|---|---|---|---|---|---|---|---|---|---|---|
| Mode | ||||||||||
| Update Mode |