Skip To Content

Configure member roles

Members of the default administrator role or a custom role with the appropriate privileges can configure custom roles to add control and flexibility to the default Viewer, Data Editor, User, Publisher, and Administrator roles in an organization. For example, you may have members who need access to your maps and apps but do not need to create groups, and you may have other members who need to publish hosted feature layers but not hosted tile layers.

Your organization may have certain members who are responsible for creating content such as stories and hosted feature layers but who also need to join and share content with groups. To allow these members to perform these tasks, create a custom role with general privileges to publish hosted feature layers, share with groups, and geocode. Another common example is a member who needs to create and publish content in addition to certain administrative tasks such as inviting users into an organization and assigning department members to the correct groups. This custom role requires all general privileges and the following administrative privileges:

  • All privileges in the Members category
  • The privilege to assign members to groups

To get started, you can use predefined templates or existing roles and further refine the privileges based on the workflows in your organization.


Some privileges are reserved for default administrators and cannot be assigned to a custom role.

After configuring a custom role, you can assign the role to existing members. You can also select a custom role as a new member default for the organization.

  1. Verify that you are signed in as a member of the default administrator role or custom role with administrative privileges to manage member roles.
  2. At the top of the site, click Organization and click the Settings tab.
  3. Click Member roles.
  4. To create a custom role, do the following:
    1. Click Create role.
    2. In the Create role window, provide a name and description for the role.

      The name must be unique within your organization and cannot be the same as the name of a default role or template. Role names can contain up to 128 characters and are not case sensitive.

      The description can have up to 250 characters.

    3. Do any of the following as needed:
      • Change the privilege compatibility setting and review the compatible user types and available privileges.
      • Select Set from existing role and import settings from an existing role or template on which to base the new custom role.
    4. Select the privileges for the custom role.

      Some workflows require a combination of privileges. For example, to publish hosted tile layers or publish hosted feature layers, you also need privileges to create content. To publish apps from a map viewer or group pages, you need privileges to share items and create content.

    5. Click Save.

      The custom role is created. You can assign it to members from the Members tab of the organization page.

  5. To edit a custom role, click the More options button More options for the role you need to edit, and click Edit. Change the name, description, or privileges, and click Save.
  6. To delete a custom role, click the More options button More options for the role you need to delete, and click Delete.

    You cannot delete a default role and you cannot delete a role that is currently assigned to a member.

  7. Tip:

    To get information about a member role, click the Role information button Role information in the row of the role. A pop-up appears with a description and a list of privileges. The row also indicates whether the role is a custom role or default role, as well as the number of members assigned to each role.


Templates contain a set of predefined privileges for common workflows such as consuming content and curating data. You can use templates as they have been configured or further customize them by adding and removing the privileges that fit the needs of your organization. The following templates are currently available:

  • Analyst—Staff who create maps; use standard, raster, or GeoAnalytics tools; view content and groups shared with the organization; share content across the organization or with groups; publish hosted feature layers; and edit features.
  • Author—Content creators who view content and groups shared with the organization, perform standard feature analysis, edit features, create groups, and publish hosted tile layers.
  • Data Curator—Data-focused staff who prepare or process data within your organization. This role can add, edit, and delete features in editable hosted feature layers and join organizational groups.
  • Student—Members of a school organization who have general privileges to create content, view content and groups shared with the organization, join groups, share content with groups and the organization, and edit features.
  • Publisher—Default publisher role defined by Esri that, in addition to the Author template privileges, allows members to share content with the public and make groups visible inside and outside the organization (depending on the security settings of the organization).
  • User—Default user role defined by Esri that can create content and groups and share them inside and outside the organization (depending on the security settings of the organization).
  • Data Editor—Default editor role defined by Esri that can edit features, interact with maps, and view content shared with them in groups.
  • Viewer—Default viewer role defined by Esri that allows members to interact with maps, view content and groups shared with the organization, and view content shared with them in groups.

Recommended workflow

Before you assign custom roles to members, you may want to test that the set of privileges in the role work as you intend. A recommended workflow is to define your custom role and assign it to an account where you can verify your privileges. You can edit the role, if necessary, and assign it to members of your organization.

Step 1
1Define a custom role with privileges.
Step 2
2Assign to an account.
Step 3
3Verify your privileges.
Step 4
4Edit the custom role if needed.
Step 5
5Assign to members of your organization.