This tutorial shows you how you can secure ArcGIS Server services with users and roles managed in the built-in store installed with ArcGIS Server.
You can secure your services by following three steps:
Configuring ArcGIS Server security
By default, ArcGIS Server is configured to use users and roles managed in the built-in store. If you have not made any changes to the out-of-the-box security configuration, you can skip this section. If you've been using some other way to store your users and roles and you want to change the configuration to use the built-in store, follow the steps below.
- Open Manager and log in as the primary site administrator. You must use the primary site administrator account. If you need help with this step, see Logging in to Manager.
- Click Security > Settings.
- Click the Edit button next to Configuration Settings.
- On the User and Role Managementpage, choose Users and roles from ArcGIS Server's built-in store, then click Next.
- Click Finish to apply and save the security configuration.
Adding users and roles
After choosing to use the built-in store for user and role management, you will need to create new users and roles.
Add new users following the steps in Adding a new user in Manager.
Add new roles following the steps in Adding a new role in Manager.
Setting permissions for ArcGIS web services
Once you have configured your security settings and defined users and roles, you can set permissions for services to control who is allowed to access them.
ArcGIS Server controls access to the GIS web services hosted on your server using a role-based access control model. In a role-based access control model, the permission to access a secured service is controlled by assigning roles to that service. To consume a secured service, a user must be a member of a role that has been assigned permissions to access it.
Permissions may be assigned to an individual web service or to the parent folder containing a group of services. If you assign permissions to a folder, any service contained within inherits the folder's permissions. For example, if you grant a role access to the site (root) folder, users belonging to that role will be granted access to all the services hosted on that site. Also, to override permissions automatically inherited by a service from its parent folder, you can edit the service and explicitly remove the permissions that were inherited.
To set permissions for a service, see Editing permissions in Manager.
Testing access to secured services
To test your setup, follow the steps below.
- Open the ArcGIS Token page: http://gisserver.domain.com:6080/arcgis/tokens.
- Acquire a token for a user that has permissions to the ArcGIS web service you want to access. If you need help with this step, see Acquiring ArcGIS tokens.
- Access the ArcGIS web service by appending the token to the request.
To access the SOAP endpoint, use the URL: http://gisserver.domain.com:6080/arcgis/services/folder/service/MapServer?wsdl&token=6dzPxjidIoBu2yIVpUW3FCW6RXH_xi2ejMoHnlWyenahmd6OYS9jnSso-GhmCA3W
To access the REST endpoint, use the URL: http://gisserver.domain.com:6080/arcgis/rest/services/myfolder/myservice/MapServer?token=6dzPxjidIoBu2yIVpUW3FCW6RXH_xi2ejMoHnlWyenahmd6OYS9jnSso-GhmCA3W