As an administrator of your organization, you can configure custom roles to add control and flexibility to the default Viewer, User, Publisher, and Administrator roles in an organization. For example, you might have some members who need access to your maps and apps but do not need to create groups, and you might have other members who need to publish hosted feature layers but not hosted tile layers.
Your organization might have certain members who are responsible for creating content such as story maps and hosted feature layers but also need to join and share content with groups. A custom role with general privileges to publish hosted feature layers, share with groups, and geocode would be required for these workflows. Another common example is a member who needs to create and publish content in addition to certain administrative tasks such as inviting users into an organization and assigning department members to the correct groups. This custom role would require all general privileges and the following administrative privileges: all privileges in the Members category and the privilege to assign members to groups.
When configuring a custom role, you must specify a minimum member level for the role. Member levels allow organizations to control the scope of privileges that can be assigned to members through roles. Custom roles can be assigned as level 1 or level 2.
You can use predefined templates to get started and further refine the privileges based on the specific workflows in your organization. Some privileges are reserved for the administrator.
You can also assign roles in bulk to existing members.
- Verify that you are signed in as an administrator of your organization.
- Click Organization at the top of the site and click Edit Settings.
- Click Roles.
- Create, update, or assign roles:
- To create a new custom role, click Create Role and enter a name and description for the role. The name must be unique within your organization and can contain up to 128 characters. They are not case sensitive. Administrator, Publisher, User, and Viewer cannot be used as names for custom roles. The description can have up to 250 characters. Choose an existing role or template on which to base the new role. If necessary, change the minimum level for the custom role. Select the privileges for the custom role and click Save Role.
Caution:
Some workflows require a combination of privileges. For example, to publish hosted tile layers or publish hosted feature layers, you also need privileges to create content. To publish apps from Map Viewer or group pages, you need privileges to share items and create content.
- To view information about a role, click the information button in the row of the role. A pop-up appears with a description and a list of privileges. The row also contains the number of members assigned to each role.
- To edit one of your existing custom roles, click the Edit Role button in the row of the role. Change the name, description, member level, or privileges, and click Save Role.
- To delete one of your custom roles, click the Delete Role button in the row of the role. You cannot delete a role that is currently assigned to a member or a default role (Administrator, Publisher, User, or Viewer).
- To assign a role to existing members, click Assign Roles. Click the name or names from the member list or click Add All to add all members in the organization. You can also search for specific members by name, group, or role, or filter by level. Click Next, select the new role to assign the members, and click Assign.
- To create a new custom role, click Create Role and enter a name and description for the role. The name must be unique within your organization and can contain up to 128 characters. They are not case sensitive. Administrator, Publisher, User, and Viewer cannot be used as names for custom roles. The description can have up to 250 characters. Choose an existing role or template on which to base the new role. If necessary, change the minimum level for the custom role. Select the privileges for the custom role and click Save Role.
Templates
Templates contain a set of predefined privileges for common workflows such as consuming content and curating data. Use them as they have been configured or further customize them by adding and removing the privileges that fit the needs of your organization. The following templates are currently available:
- Viewer—Esri-defined viewer role that allows members to interact with maps, view content and groups shared with the organization, and view content shared with them in groups.
- Analyst—Mapcentric staff who create maps, use standard, raster, or GeoAnalytics tools, view content and groups shared with the organization, share content across the organization or with groups, publish hosted feature layers, and edit features.
- Author—Content creators who view content and groups shared with the organization, perform standard feature analysis, edit features, create groups, and publish hosted tile layers.
- Student—Members of a school organization who have general privileges to create content, view content and groups shared with the organization, join groups, share content with groups and the organization, and edit features.
- Publisher—Esri-defined publisher role that, in addition to the Author template privileges, allows members to share content with the public and make groups visible inside and outside the organization (depending on the security settings of the organization).
- User—Esri-defined user role that can create content and groups and share them inside and outside the organization (depending on the security settings of the organization).
Recommended workflow
Before you assign custom roles to members, you may want to test that the set of privileges in the role work as you intend. A recommended workflow is to define your custom role and assign it to an account where you can verify your desired privileges. You can edit the role, if necessary, and assign it to members of your organization.
Assign a default role
If you create a custom role that applies to most of the members of your organization, you can set it as the default role by choosing the role from the Default role for new members drop-down list. Additionally, you can set a Default level for new members. All members added to the organization after you set the default role and member level will be initially assigned accordingly.