Ownership-based access control for feature services
In this topic
This functionality can only be used with enterprise geodatabases, not databases.
You can configure a feature service to record information about who created each feature. You can also restrict people from accessing features they do not own. This is known as ownership-based access control.
To use ownership-based access control, you need to designate a field in your dataset to hold the creator name. You then modify the Editor Tracking settings to designate this as the Creator Field. See Editor tracking for feature services for the steps of this process.
When you publish the service and check the Feature Access capability, also check the property Enable ownership-based access control on features. You can then choose Operations allowed on features created by other users (Query, Update, and Delete) to specify the things that noncreators can do. The creator can perform all the operations allowed on the service in general.
Keep in mind that if you uncheck Query, the logged in user will only see features they created. Conversely, if Query is checked and Update and Delete are unchecked, the user can Query but will have read-only access to features owned by other users.
Ownership-based access control only works if the service can get information about who is creating features and trying to access them. In the client application, the developer must require the user to enter ArcGIS Server credentials. The developer then uses this information to obtain a token from ArcGIS Server. The encrypted token containing the user information should be passed to the feature service when making requests.
When someone creates a feature from an anonymous request (meaning the request does not contain user information), the creator field is left empty and anyone can access the feature.
Edits made by anonymous users through the feature service are logged as Esri_Anonymous in the geodatabase; however, these values will appear as an empty string to clients that consume the feature service. When you query the feature service through the REST Services Directory to find features created by anonymous users, you must specify Esri_Anonymous. For example, if the feature layer contains a creator field named created_by, type created_by='Esri_Anonymous' in the Where field.
When a feature service is used in a map that is taken offline for editing, the user name of the person who took the map offline is used to track edits and access control is enforced based on this user. Be aware that ownership-based access control is not enforced for ArcGIS Server administrators; administrators have full permissions.
If some of the datasets in the service do not have a creator field designated, ownership-based access control is not enforced for those datasets. If you've checked the check box to enable ownership-based access control and have not specified a creator field, you may see warnings when you analyze the map for publishing. Layers and tables without a creator field use the permissions rules set at the service level, as described in Editor permissions for feature services.
When you set up ownership-based access control, you can choose to specify a user realm. For example, if the user realm is set to myserver.com and the user Bob connects and inserts a feature through the service, the creator is set to Bob@myserver.com. If Bob inserts a feature in ArcMap, the creator is set to Bob.
Ownership-based access control rules are valid for nonadministrative web editors performing edits through the service.
Tips and best practices
It's also important to note that the ownership-based access control options are limited to the operations allowed for all users at the service level. For example, if the service-level Update and Delete operations are unchecked, the Update and Delete operations are also unchecked for ownership-based access control settings.
When publishing a service, it is recommended that you keep the creator field visible for all layers and tables. This allows clients to know which user created a given feature. They can use this information to prevent users from attempting to edit features they do not have permissions to edit. If the creator field is hidden, clients consuming the feature service won't know which user created a given feature. If the client attempts to edit a feature in which it doesn't have permission, an error will be returned.
It's important to note the difference between editor tracking and ownership-based access control. If editor tracking is set for a layer at the dataset level, edits are tracked by the feature service regardless of whether ownership-based access rules are in place. However, editor tracking at the dataset level is required to set ownership-based access rules.
When edits are made by a non-authenticated user, the creator or editor field value is left empty. If ownership-based access control is enabled, any user can edit features. If ownership-based access control is enabled, and the creator is NULL, the features or records are read-only; no one can edit features. Service authors can configure their data such that features they want to be read-only have NULL as the creator.