ArcGIS REST APIs

Manage access

ArcGIS Enterprise provides multiple methods for organizations to manage how their members access and interact with its content. One method is to assign members specific privileges through custom roles that include administrative privileges, such as managing an organization's security configuration. These custom roles allow organizations to delegate administrative tasks without assigning the default administrator role to multiple members.

The security privilege model is also used by the ArcGIS Server Administration REST API. Starting at 10.8.1, only members assigned specific administrative privileges can access the REST API. Access to other resources and operations is restricted based on the endpoints that are associated with, or required by, their role's privileges.

Privilege-based access

Members can only access certain endpoints in the ArcGIS Server Administration API based on the privileges assigned to their role. To learn more about these privileges, and the access they provide in an organization, see User types, roles, and privileges.

The following tables list the privileges that are authorized to access the ArcGIS Server Admin REST API.

Administrative privileges

Privilege category	Privileges
Content	Update Delete
Portal Settings	Security and infrastructure Servers Organization webhooks
Webhooks	Geoprocessing Warning Users assigned the Geoprocessing privilege must add the Publish server-based layers privilege to their custom role.

General privileges

Privilege category	Privileges
Content	Register data stores
Webhooks	Feature layer

Endpoint access

The following sections list the privileges necessary to access each endpoint in the ArcGIS Server Administration API.

Server Administration root

	Default administrator role only	Publisher role	Update	Delete	Security and infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
Server Administration Root
Create New Site
Export Site
Import Site
Delete Site
Join Site
Upgrade
Generate Token
Public Key

Full supportPartial supportNo support

Machines

	Default administrator role only	Publisher role	Update	Delete	Security and Infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
Machines
Register Machine
Rename Machine
Machine
Edit Machine
Start Machine
Stop Machine
Unregister Machine
Synchronize With Site
Machine Status
Hardware Configuration
SSL Certificates
Generate Certificate
Import Root Certificate
Import Existing Server Certificate
SSL Certificate
Generate CSR
Export Certificate
Delete Certificate
Import CA Signed Certificate

Full supportPartial supportNo support

Services

	Default administrator role only	Publisher role	Update	Delete	Security and Infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
Services
Edit Folder
Create Service
Rename Service
Can Create Service
Create Folder
Exists
Start Services
Stop Services
Delete Services
Export Services
Import Services
Federate
Unfederate
Types
Type
Extensions
Register Extension
Update Extension
Unregister Extension
Providers
Permissions
Add Permission
Has Child Permissions Conflict
Clean Permissions
Service Report
Default Service Properties
Update Default Service Properties
Webhooks
System
Utilities
Service
Service Status
Start Service
Stop Service
Edit Service
Change Provider
Delete Service
Service Statistics
Item Information
Edit Item Information
Upload Item Information File
Delete Item Information
Lifecycle Information
Webhooks
Create Webhook
Delete All
Activate All
Deactivate All
Webhook
Edit Webhook
Delete Webhook
Notification Status
Jobs
Job
Query Jobs
Purge Job Queue
Job Statistics
Delete Job
Cancel Job
Folder
Delete Folder

Full supportPartial supportNo support

Security

	Default administrator role only	Publisher role	Update	Delete	Security and Infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
Security
Users
Get Users
Search Users
Add User
Remove User
Update User
Assign Roles
Remove Roles
Get Privilege For User
Roles
Get Roles
Search Roles
Add Role
Remove Role
Update Role
Get Roles For User
Get Users Within Role
Add Users To Role
Remove Users From Role
Assign Privilege
Get Privilege For Role
Get Roles By Privilege
Tokens
Update Token Configuration
Security Configuration
Update Security Configuration
Update Identity Store
Test Identity Store
Change Server Role
Primary Site Administrator
Update Primary Site Administrator
Enable Primary Site Administrator
Disable Primary Site Administrator

Full supportPartial supportNo support

System

	Default administrator role only	Publisher role	Update	Delete	Security and Infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
System
Server Properties
Update Server Properties
Server Directories
Register Directory
Register Directories
Recover Server Directories
Server Directory
Unregister Directory
Clean Directory
Edit Directory
Configuration Store
Edit Configuration Store
Recover Configuration Store
Web Adaptors
Web Adaptor Configuration
Update Web Adaptors Configuration
Web Adaptor
Unregister Web Adaptor
Handlers
Rest Handler
Rest Cache
Clear Rest Cache
Services Directory
Edit Directory
SOAP
SOAP Handler Config
Edit SOAP Handler Config
Jobs
Job
Licenses
Deployment
Platform Services
Compute Platform
Start Compute Platform
Stop Compute Platform
Compute Platform Status
Compute Platform Health Check
Synchronization Service
Start Synchronization Service
Stop Synchronization Service
Synchronization Service Status
Synchronization Service Reset

Full supportPartial supportNo support

Data

	Default administrator role only	Publisher role	Update	Delete	Security and Infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
Data
Register Data Item
Unregister Data Item
Validate Data Item
Validate All Data Items
Find Data Items
Federate Data Item
Root Data Item
Lifecycle Information
Edit Data Item
Make Data Store Machine Primary
Validate Data Store
Remove Data Store Machine
Start Data Store Machine
Stop Data Store Machine
Datastore Configuration
Update Datastore Configuration
Relational Data Store Types
Register Relational Data Store Type
Relational Data Store Type
Edit Relational Data Store Type
Unregister Relational Data Store Type
Big Data File Share Manifest
Big Data File Share Manifest Regeneration
Big Data File Share Manifest Update
Big Data File Share Hints
Big Data File Share Hints Update

Full supportPartial supportNo support

Uploads

	Default administrator role only	Publisher role	Update	Delete	Security and Infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
Uploads
Upload Item
Register Item
Item
Upload Part
Commit Item
Delete Item
Item Parts

Full supportPartial supportNo support

Logs

	Default administrator role only	Publisher role	Update	Delete	Security and Infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
Logs
Query Logs
Clean Logs
Count Error Reports
Log Settings
Edit Log Settings

Full supportPartial supportNo support

KML

	Default administrator role only	Publisher role	Update	Delete	Security and Infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
Kml
Create Kmz
Kmz File

Full supportPartial supportNo support

Info

	Default administrator role only	Publisher role	Update	Delete	Security and Infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
Info

Full supportPartial supportNo support

Mode

	Default administrator role only	Publisher role	Update	Delete	Security and Infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
Mode
Update Site Mode

Full supportPartial supportNo support

Usage report

	Default administrator role only	Publisher role	Update	Delete	Security and Infrastructure	Servers	Geoprocessing	Feature layer	Register data stores
Usage Reports
Create Usage Report
Usage Reports Settings
Edit Usage Reports Settings
Usage Report
Edit Usage Report
Query Report Data
Delete Usage Report

Full supportPartial supportNo support