Manage access

ArcGIS Enterprise provides multiple ways for organizations to manage how their members access and interact with the portal and its content. One way organizations can manage their members' access is by assigning them specific privileges through default or custom roles. Privileges allow members to perform different tasks and workflows for an organization, such as allowing specific users to create and publish content while others can only view content.

At 10.7.1, organizations were able to create custom roles that included administrative privileges, such as the ability to manage the portal's look and feel or it's security configuration. Through these custom roles, organizations were able to delegate administrative tasks without having to assign the default administrator role to multiple members.

At 10.8, access to the Portal Administrator API is based on these same privileges. Members can only access the resources and operations associated with, or required by, their role's privileges. This restrictive access model allows organizations to continue to delegate administrative tasks without providing full administrative access.

Privilege-based access

Members will only be able to access certain endpoints in the Portal Administrator API based on the privileges assigned to their role. Resources and operations that are not accessible to members based on their assigned privileges will either be inaccessible through the UI or will return an error message when users with unauthorized privileges attempt to access them.

The table below shows which administrative privileges are authorized to access the Portal Administrator REST API:

Administrative privilege categoryPrivilege name

Members

  • Add
  • Manage Licenses

Groups

  • Link to Enterprise Groups

Portal Settings

  • Security and infrastructure
  • Organization Website
  • Collaborations
  • Member Roles
  • Servers
  • Utility Services

Endpoint access

The following tables specify the required privileges for the most recent version of ArcGIS Enterprise. To see which privileges apply to the specific ArcGIS Enterprise version you are using, see your deployment's ArcGIS Portal Admin API installed help.

Portal Administrator root

Default administrator role onlyAddManage LicensesLink to Enterprise GroupsSecurity and InfrastructureOrganization WebsiteCollaborationsMember RolesServersUtility Services
Portal Administration Root
Create New Site
Upgrade
Export Site
Import Site
Join Site
Info
Backup Restore Information
Full supportPartial supportNo support

    System

    Default administrator role onlyAddManage LicensesLink to Enterprise GroupsSecurity and InfrastructureOrganization WebsiteCollaborationsMember RolesServersUtility Services
    System
    Web Adaptors
    Web Adaptor
    Unregister Web Adaptor
    Web Adaptor Configuration
    Update Web Adaptors Configuration
    Directories
    Directory
    Edit Directory
    Database
    Update Database Account
    Database Settings
    Edit Database Settings
    Indexer
    Indexer Status
    Reindex
    System Properties
    Update System Properties
    Languages
    Update Languages
    Content
    Content Configuration
    Update Content Configuration
    Email Settings
    Update Email Settings
    Test Email Settings
    Delete Email Settings
    Full supportPartial supportNo support

      Security

      Default administrator role onlyAddManage LicensesLink to Enterprise GroupsSecurity and InfrastructureOrganization WebsiteCollaborationsMember RolesServersUtility Services
      Security
      Users
      Create User
      Get Enterprise User
      Update Enterprise User
      Search Enterprise Users
      Refresh User Membership
      Groups
      Search Enterprise Groups
      Refresh Group Membership
      Get Users Within Enterprise Group
      Get Enterprise Groups for User
      Token Configuration
      Update Token Configuration
      OAuth
      Change App ID
      Get App Info
      Update App Info
      Security Configuration
      Update Security Configuration
      Update Identity Store
      Test Identity Store
      Test Identity Store
      SSL Certificates
      SSL Certificate
      Generate CSR
      Export Certificate
      Delete Certificate
      Import Signed Certificate
      Update Web Server Certificate
      Generate Certificate
      Import Root or Intermediate Certificate
      Import Existing Certificate
      Full supportPartial supportNo support

        Federation

        Default administrator role onlyAddManage LicensesLink to Enterprise GroupsSecurity and InfrastructureOrganization WebsiteCollaborationsMember RolesServersUtility Services
        Federation
        Federation Servers
        Federated Servers
        Federated Server
        Validate Server
        Update Server
        Unfederate Server
        Federate Servers
        Validate Servers
        Full supportPartial supportNo support

          Logs

          Default administrator role onlyAddManage LicensesLink to Enterprise GroupsSecurity and InfrastructureOrganization WebsiteCollaborationsMember RolesServersUtility Services
          Logs
          Query Logs
          Clean Logs
          Log Settings
          Edit Log Settings
          Full supportPartial supportNo support

            Machines

            Default administrator role onlyAddManage LicensesLink to Enterprise GroupsSecurity and InfrastructureOrganization WebsiteCollaborationsMember RolesServersUtility Services
            Machines
            Status
            Unregister Machine
            Machine
            Machine Status
            SSL Certificates
            Update Web Server Certificate
            Generate Certificate
            Import Root Or Intermediate Certificate
            Import Existing Server Certificate
            SSL Certificate
            Generate CSR
            Export Certificate
            Delete Certificate
            Import Signed Certificate
            Hardware Info
            Full supportPartial supportNo support

              License

              Default administrator role onlyAddManage LicensesLink to Enterprise GroupsSecurity and InfrastructureOrganization WebsiteCollaborationsMember RolesServersUtility Services
              License
              Get Future License
              Validate License
              Import License
              Release License
              Populate License
              Update License Manager
              Full supportPartial supportNo support

                Mode

                Default administrator role onlyAddManage LicensesLink to Enterprise GroupsSecurity and InfrastructureOrganization WebsiteCollaborationsMember RolesServersUtility Services
                Mode
                Update Mode
                Full supportPartial supportNo support

                  Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.