Skip To Content

Organization roles

A role defines the privileges that a member has within the organization. ArcGIS defines a set of privileges for the user, publisher, and administrator roles. In addition, organizations can define privileges at a more detailed level by creating and assigning custom roles.

  • Users—See a customized view of the site, use the organization's maps, apps, layers, and tools, and join groups owned by the organization. Users can also create maps and apps, add items, share content, and create groups.
  • Publishers—User privileges plus the ability to publish features and map tiles as hosted web layers. They can also perform analysis on layers in maps.
  • Administrators—User and publisher privileges plus privileges to manage the organization and other users. An organization must have at least one administrator. However, there are no limits on how many roles can be assigned within an organization. For example, if an organization has five members, all five members can be administrators.
  • Custom—A specific set of privileges defined by the administrator. For example, you might have access to maps and apps but cannot create groups. Or you might have privileges to publish features but not tiles.
Note:

When you federate a server with your portal, the portal's security store controls all access to the server. This provides a convenient sign in experience, but also impacts how you access and administer the federated server. For example, when you federate, any users, roles, and permissions that you previously configured on ArcGIS Server services are no longer valid. Access to services is instead determined by portal members, roles, and sharing permissions. Review the information in Administer a federated server to learn more about how federating will impact your existing site.

Role privileges

PrivilegeUserPublisherAdministratorCustom

Use maps and apps

Yes

Yes

Yes

Yes

Create content

Yes

Yes

Yes

Optional

Share maps and apps

Yes

Yes

Yes

Optional

Join and create groups

Yes

Yes

Yes

Optional

Edit features

Yes

Yes

Yes

Optional

Publish hosted web layers

Yes

Yes

Optional

Perform analysis

YesYes

Optional

Manage organization resources

Yes

Optional

Configure website

Yes

Create custom roles

Yes

Custom roles

Organizations might want to refine the standard roles into a more fine-grained set of privileges. For example, members who work with the organization's private maps and apps but do not have a need to create content can be added to the organization in a custom-defined viewer role. In addition, some administrative tasks such as inviting users or managing content can be designated to members through a custom role. There may be cases where members need to have the default administrator role instead of a custom role. For example, only default administrators can configure the website and create custom roles. Administrators configure custom roles based on any combination of the general and administrative privileges listed below.

General privileges

Members who perform specific tasks within the organization—create maps or edit features, for example—can have custom roles that give them the general privileges they need to work and share with groups, content, and features.

  • Create, update, and delete groups.
  • Join organizational groups.
  • Create, update, and delete content.
  • Publish hosted feature layers.
  • Publish hosted tile layers.
  • Publish hosted scene layers.
  • Share with groups.
  • Share with organization.
  • Share with public.
  • Make groups visible to organization.
  • Make groups visible to public.
  • Perform network analysis tasks such as create drive-time areas.
  • Perform spatial analysis tasks such as create buffers.
  • Use GeoEnrichment to enrich features.
  • Perform elevation analysis tasks on elevation data.

Administrative privileges

The privileges listed below allow custom roles to assist the default administrators with managing members, groups, and content in the organization. These custom administrative roles do not contain the full set of privileges of the default administrator role.

  • View all member account info.
  • Update member account info.
  • Delete members from the organization (only default administrators can delete other default administrators).
  • Disable members from the organization.
  • Change roles of members (only default administrators can change the role to and from the default administrator role).
  • Manage licenses for members.
  • View group owned by members.
  • Update group owned by members.
  • Delete group owned by members.
  • Reassign ownership of groups.
  • Add members to group.
  • Link groups to enterprise groups.
  • View content owned by members.
  • Update content owned by members.
  • Delete content owned by members.
  • Reassign ownership of content.

Privileges for common workflows

Some workflows require a combination of privileges. If you cannot perform a function that you think your role should be able to do, verify that your administrator has enabled the full set of required privileges.

In order to...You need privileges to....

Use the analysis tools

Create content, publish features, and use spatial analysis. Some tools require privileges to use GeoEnrichment or network analysis.

Publish hosted feature layers

Create content and publish hosted feature layers.

Publish hosted tile layers

Create content and publish hosted tile layers.

Publish hosted scene layers

Create content, publish hosted feature layers, and publish hosted scene layers.

Publish apps from the map viewer or group page

Create and share content (with groups, organization, or public).

Embed maps or groups

Create and share content with public.

Manage content owned by members

View all member account information; view, update, delete, and reassign content.

Manage groups owned by members

View all member account information; view, update, reassign, and delete group; and add member to group.

Manage member profiles

View and update all members' account information.

Reserved privileges

The privileges listed below are reserved for the default administrator.

  • Configure website.
  • Configure custom roles.
  • Set up enterprise logins.
  • Manage credit budgets.
  • Enable and disable Esri access on member accounts.
  • Disable multifactor authentication on member accounts.
  • Change member role to or from administrator.
  • Remove other administrators from the organization.
  • Move member content to different folders within the member's My Content page.
  • Share content with public when organization does not allow members to share outside the organization.
  • Create and own groups that allow members to update all items in the group.