Default administrators and those with the appropriate privileges can configure custom roles to add control and flexibility to the default Viewer, Data Editor, User, Publisher, and Administrator roles in an organization. For example, you may have members who need access to your maps and apps but do not need to create groups, and you may have other members who need to publish hosted feature layers but not hosted tile layers.
Your organization may have certain members who are responsible for creating content such as stories and hosted feature layers but also need to join and share content with groups. A custom role with general privileges to publish hosted feature layers, share with groups, and geocode is required for these workflows. Another common example is a member who needs to create and publish content in addition to certain administrative tasks such as inviting users into an organization and assigning department members to the correct groups. This custom role requires all general privileges and the following administrative privileges: all privileges in the Members category and the privilege to assign members to groups.
To get started, you can use predefined templates or existing roles and further refine the privileges based on the specific workflows in your organization. Some privileges are reserved for the administrator.
- Verify that you are signed in as a default administrator or custom role with administrative privileges to manage member roles.
- At the top of the site, click Organization and click the Settings tab.
- Click Member roles on the left side of the page.
- To create a custom role, do the following:
- Click Create role.
- In the Create role window, provide a name and description for the role.
The name must be unique within your organization and can contain up to 128 characters. They are not case sensitive. Administrator, Publisher, User, Data Editor, and Viewer cannot be used as names for custom roles. The description can have up to 250 characters.
- Do any of the following as needed:
- Change the privilege compatibility setting and review the compatible user types and available privileges.
- Select Set from existing role and import settings from an existing role or template on which to base the new custom role.
- Select the privileges for the custom role.
Some workflows require a combination of privileges. For example, to publish hosted tile layers or publish hosted feature layers, you also need privileges to create content. To publish apps from a map viewer or group pages, you need privileges to share items and create content.
- Click Save.
The custom role is created. You can assign it to members from the Members tab of the organization page.
- To edit a custom role, click the More options button for the role you want to edit, and click Edit. Change the name, description, or privileges, and click Save.
- To delete a custom role, click the More options button for the role you want to delete, and click Delete. You cannot delete a role that is currently assigned to a member or a default role (Administrator, Publisher, User, Data Editor, or Viewer).
To get information about a member role, click the Role information button in the row of the role. A pop-up appears with a description and a list of privileges. The row also indicates whether the role is a custom role or default role, as well as the number of members assigned to each role.
Templates contain a set of predefined privileges for common workflows such as consuming content and curating data. You can use templates as they have been configured or further customize them by adding and removing the privileges that fit the needs of your organization. The following templates are currently available:
- Analyst—Mapcentric staff who create maps; use standard, raster, or GeoAnalytics tools; view content and groups shared with the organization; share content across the organization or with groups; publish hosted feature layers; and edit features.
- Author—Content creators who view content and groups shared with the organization, perform standard feature analysis, edit features, create groups, and publish hosted tile layers.
- Student—Members of a school organization who have general privileges to create content, view content and groups shared with the organization, join groups, share content with groups and the organization, and edit features.
- Publisher—Esri-defined publisher role that, in addition to the Author template privileges, allows members to share content with the public and make groups visible inside and outside the organization (depending on the security settings of the organization).
- User—Esri-defined user role that can create content and groups and share them inside and outside the organization (depending on the security settings of the organization).
- Data Editor—Esri-defined editor role that can edit features, interact with maps, and view content shared with them in groups.
- Viewer—Esri-defined viewer role that allows members to interact with maps, view content and groups shared with the organization, and view content shared with them in groups.
Before you assign custom roles to members, you may want to test that the set of privileges in the role work as you intend. A recommended workflow is to define your custom role and assign it to an account where you can verify your privileges. You can edit the role, if necessary, and assign it to members of your organization.