Enable ownership-based access control
In this topic
- Prepare the data
- Publish the feature class
- Enable ownership-based access control
- Start the feature layer service
For features you publish from ArcMap to My Hosted Services, you can control who can edit features and what edits each person can perform by enabling ownership-based access control on the feature layer.
Ownership-based access control allows you to specify which edit operations can be performed on specific features and who can perform the edits. For example, you can set up the feature layer so only the person who adds the feature can update or delete it, and all other people connecting to the layer can only query the feature.
How you enable ownership-based access control depends on whether your portal uses ArcGIS Data Store or a managed database to store hosted feature layer data. If your portal uses ArcGIS Data Store, you can enable editor tracking and ownership-based access control on the hosted feature layer in the layer's item details. If your portal uses a managed database for hosted feature layer data, you must follow the steps in this topic to enable ownership-based access control.
Prepare the data
You must enable editor tracking on the feature class (or feature classes) before you can set ownership-based access rules on the feature layer.
Publish the feature class
Follow the instructions in Publish features to publish the feature class to My Hosted Services in ArcMap.
Enable ownership-based access control
Sign in to ArcGIS Server Manager, stop the feature layer service, and enable ownership-based access control it.
- Sign in to ArcGIS Server Manager as the portal administrator or the owner of the feature layer.
- Open the Hosted folder and stop the feature layer service by clicking the Stop button.
- Double-click the service to open its properties.
- Click Capabilities.
- Choose Feature Access from the list of capabilities.
- In the Properties section, check Enable ownership-based access control on features.
- Under Operations allowed on features created by other users, check the edit operations you want people to have on features they did not create.
For example:
- If you uncheck Query, the person logged in to the hosted feature layer will only see features he or she creates.
- If Query is checked, but Update and Delete are unchecked, features are read-only for anyone but the creator of the feature.
- If Query and Update are checked, but Delete is unchecked, features can be queried or altered by nonowners but cannot be deleted.
- Save the changes you made to the service properties.
Start the feature layer service
Once editor tracking and ownership-based access control are enabled, restart the feature layer service.
- Click the Hosted link to go back to the list of hosted services.
- Click the Start button next to the feature layer service to restart it.
People with privileges to edit can now connect to your feature layer and perform only those edit operations you have allowed. All edits made to the feature layer will record the user name of the connecting user and the time the edit was made. Note that if the feature layer is shared with everyone (public), no user name will be stored.