Organization roles
In this topic
A role defines the privileges that a member has within the organization. Esri defines a set of privileges for the User, Publisher, and Administrator roles. In addition, organizations can define privileges at a more detailed level by creating and assigning custom roles.
- Users—See a customized view of the site, use the organization's maps, apps, layers, and tools, and join groups owned by the organization. Users can also create maps and apps, add items, share content, and create groups.
- Publishers—User privileges, plus the ability to publish features and map tiles as hosted web layers. They can also perform analysis on layers in maps.
- Administrators—User and Publisher privileges plus privileges to manage the organization and other users. An organization must have at least one Administrator. However, there are no limits on how many roles can be assigned within an organization. For example, if an organization has five members, all five members can be Administrators.
- Custom—A specific set of privileges defined by the Administrator. For example, you might have access to maps and apps but cannot create groups. Or you might have privileges to publish features but not tiles.
Note:
When you federate a server with your portal, the portal's security store controls all access to the server. This provides a convenient sign-on experience, but also impacts how you access and administer the federated server. For example, when you federate, any users, roles, and permissions that you previously configured on ArcGIS Server services are no longer valid. Access to services is instead determined by portal members, roles, and sharing permissions. Review the information in Administer a federated server to learn more about how federating will impact your existing site.
Role privileges
| Privilege | User | Publisher | Administrator | Custom |
|---|---|---|---|---|
Use maps and apps |
|
|
|
|
Create content |
|
|
| Optional |
Share maps and apps |
|
|
| Optional |
Join and create groups |
|
|
| Optional |
Edit features |
|
|
| Optional |
Publish hosted web layers |
|
| Optional | |
Manage organization resources |
| Optional | ||
Configure website |
| |||
Create custom roles |
|
Custom roles
Organizations might want to refine the standard roles into a more fine-grained set of privileges. For example, members who work with the organization's private maps and apps but do not have a need to create content can be added to the organization in a custom-defined viewer role. In addition, some administrative tasks such as inviting users or managing content can be designated to members through a custom role. There may be cases where members need to have the Esri-defined Administrator role instead of a custom role. For example, only Administrators can configure the website and create custom roles. Administrators configure custom roles based on any combination of the general and administrative privileges listed below.
General privileges
Members who perform specific tasks within the organization—create maps or edit features, for example—can have custom roles that give them the general privileges they need to work and share with groups, content, and features.
- Create, update, and delete groups
- Join organizational groups
- Create, update, and delete content
- Publish hosted feature layers
- Publish hosted tile layers
- Share with groups
- Share with organization
- Share with public
- Make groups visible to organization
- Make groups visible to public
Administrative privileges
Your organization might want to create roles for managing the members, groups, or content of the organization. These custom administrative roles do not contain the full set of privileges of the Administrator.
- View all member account info
- Update member account info
- Delete member from the organization (only Administrators can delete other Administrators)
- Disable member from the organization
- Change roles of members (only Administrators can change the role to and from Administrator)
- Manage licenses for members
- View group owned by member
- Update group owned by member
- Delete group owned by member
- Reassign ownership of groups
- Add member to groups
- Link groups to enterprise groups
- View content owned by member
- Update content owned by member
- Delete content owned by member
- Reassign ownership of content
Privileges for common workflows
Some workflows require a combination of privileges. If you cannot perform a function that you think your role should be able to do, verify that your Administrator has enabled the full set of required privileges.
| To... | You need privileges to.... |
|---|---|
Publish hosted feature layers | Create content and publish hosted feature layers. |
Publish hosted tile layers | Create content and publish hosted tile layers. |
Publish apps from the map viewer or group page | Create and share content (with groups, organization, or public). |
Embed maps or groups | Create and share content with public. |
Manage content owned by members | View all member account information; view, update, delete, and reassign content. |
Manage groups owned by members | View all member account information; view, update, reassign, and delete group; and add member to group. |
Manage member profiles | View and update all members' account information. |
Reserved privileges
Certain privileges are reserved for the Administrator. For example, only the Administrator can configure the website and remove other Administrators from the organization.
- Configure website
- Configure custom roles
- Set up enterprise logins
- Change member role to or from Administrator
- Remove other Administrators from the organization
- Move member content to different folders within the member's My Content page
- Share content with public when organization does not allow members to share outside the organization