ArcGIS Enterprise provides multiple methods for organizations to manage how their members access and interact with its content. One method is to assign members specific privileges through custom roles that include administrative privileges, such as managing an organization's security configuration. These custom roles allow organizations to delegate administrative tasks without assigning the default administrator role to multiple members.
The security privilege model is also used by the ArcGIS Server Administration REST API. Starting at 10.8.1, only members assigned specific administrative privileges can access the REST API. Access to other resources and operations is restricted based on the endpoints that are associated with, or required by, their role's privileges.
Privilege-based access
Members can only access certain endpoints in the ArcGIS Server Administration API based on the privileges assigned to their role. To learn more about these privileges, and the access they provide in an organization, see User types, roles, and privileges.
The following tables list the privileges that are authorized to access the ArcGIS Server Admin REST API.
Administrative privileges
Privilege category | Privileges |
---|---|
Content |
|
Portal Settings |
|
Webhooks | Geoprocessing |
General privileges
Privilege category | Privileges |
---|---|
Content | Register data stores |
Webhooks | Feature layer |
Endpoint access
The following sections list the privileges necessary to access each endpoint in the ArcGIS Server Administration API.
Server Administration root
Default administrator role only | Publisher role | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | |
---|---|---|---|---|---|---|---|---|---|
Server Administration Root | |||||||||
Create New Site | |||||||||
Export Site | |||||||||
Import Site | |||||||||
Delete Site | |||||||||
Join Site | |||||||||
Upgrade | |||||||||
Generate Token | |||||||||
Public Key |
Machines
Default administrator role only | Publisher role | Update | Delete | Security and Infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | |
---|---|---|---|---|---|---|---|---|---|
Machines | |||||||||
Register Machine | |||||||||
Rename Machine | |||||||||
Machine | |||||||||
Edit Machine | |||||||||
Start Machine | |||||||||
Stop Machine | |||||||||
Unregister Machine | |||||||||
Synchronize With Site | |||||||||
Machine Status | |||||||||
Hardware Configuration | |||||||||
SSL Certificates | |||||||||
Generate Certificate | |||||||||
Import Root Certificate | |||||||||
Import Existing Server Certificate | |||||||||
SSL Certificate | |||||||||
Generate CSR | |||||||||
Export Certificate | |||||||||
Delete Certificate | |||||||||
Import CA Signed Certificate |
Services
Security
Default administrator role only | Publisher role | Update | Delete | Security and Infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | |
---|---|---|---|---|---|---|---|---|---|
Security | |||||||||
Users | |||||||||
Get Users | |||||||||
Search Users | |||||||||
Add User | |||||||||
Remove User | |||||||||
Update User | |||||||||
Assign Roles | |||||||||
Remove Roles | |||||||||
Get Privilege For User | |||||||||
Roles | |||||||||
Get Roles | |||||||||
Search Roles | |||||||||
Add Role | |||||||||
Remove Role | |||||||||
Update Role | |||||||||
Get Roles For User | |||||||||
Get Users Within Role | |||||||||
Add Users To Role | |||||||||
Remove Users From Role | |||||||||
Assign Privilege | |||||||||
Get Privilege For Role | |||||||||
Get Roles By Privilege | |||||||||
Tokens | |||||||||
Update Token Configuration | |||||||||
Security Configuration | |||||||||
Update Security Configuration | |||||||||
Update Identity Store | |||||||||
Test Identity Store | |||||||||
Change Server Role | |||||||||
Primary Site Administrator | |||||||||
Update Primary Site Administrator | |||||||||
Enable Primary Site Administrator | |||||||||
Disable Primary Site Administrator |
System
Data
Uploads
Default administrator role only | Publisher role | Update | Delete | Security and Infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | |
---|---|---|---|---|---|---|---|---|---|
Uploads | |||||||||
Upload Item | |||||||||
Register Item | |||||||||
Item | |||||||||
Upload Part | |||||||||
Commit Item | |||||||||
Delete Item | |||||||||
Item Parts |
Logs
Default administrator role only | Publisher role | Update | Delete | Security and Infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | |
---|---|---|---|---|---|---|---|---|---|
Logs | |||||||||
Query Logs | |||||||||
Clean Logs | |||||||||
Count Error Reports | |||||||||
Log Settings | |||||||||
Edit Log Settings |
KML
Default administrator role only | Publisher role | Update | Delete | Security and Infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | |
---|---|---|---|---|---|---|---|---|---|
Kml | |||||||||
Create Kmz | |||||||||
Kmz File |
Info
Default administrator role only | Publisher role | Update | Delete | Security and Infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | |
---|---|---|---|---|---|---|---|---|---|
Info |
Mode
Default administrator role only | Publisher role | Update | Delete | Security and Infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | |
---|---|---|---|---|---|---|---|---|---|
Mode | |||||||||
Update Site Mode |
Usage report
Default administrator role only | Publisher role | Update | Delete | Security and Infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | |
---|---|---|---|---|---|---|---|---|---|
Usage Reports | |||||||||
Create Usage Report | |||||||||
Usage Reports Settings | |||||||||
Edit Usage Reports Settings | |||||||||
Usage Report | |||||||||
Edit Usage Report | |||||||||
Query Report Data | |||||||||
Delete Usage Report |