Ownership-based access control allows you to specify which edit operations can be performed on specific features and who can perform the edits. For example, you can set up the feature layer so only the person who adds the feature can update or delete it, and all other people connecting to the layer can only query the feature.
How you enable ownership-based access control and what controls are available depends on whether you enable it on a hosted feature layer or an ArcGIS Server feature layer (feature service).
Enable ownership-based access control on a hosted feature layer
The owner of the hosted feature layer or the portal administrator must enable editor tracking on the layer. Once that is enabled, the following access control options are available:
- Editors can only see their own features
- Editors can't see any features, even those they add
- Editors can only edit their own features
- Only add new features
See Manage hosted feature layer editing for more information on how these options control access to your hosted feature layer data.
Enable ownership-based access control on an ArcGIS Server feature layer
For ArcGIS Server feature layers, ownership-based access means the person who creates the feature has full control of the feature. You can, however, set rules for what sort of operations other users (people who did not create the feature) are allowed to perform based on the following options:
- Query—If you allow other users to query features, that means only the person who added the feature to the feature layer (the creator) can see and edit the feature.
- Update—If you allow other users to update features, any person with editor permissions can update the attributes or location of any feature in the feature layer.
- Delete—If you allow other users to delete features, any person with editor permissions can delete a feature in the feature layer.
For more information, see Ownership-based access control for feature services in the ArcGIS Server help.
You must enable editor tracking on the feature class (or feature classes) before you can set access rules. You can set these rules either when you publish the ArcGIS Server feature layer or after. To set access rules after you publish, follow these steps:
- Sign in to ArcGIS Server Manager as the portal administrator or the owner of the feature layer and stop the feature service (the map service with feature layer access).
- Double-click the service to open its properties.
- Click Capabilities.
- Choose Feature Access from the list of capabilities.
- In the Properties section, check Enable ownership-based access control on features.
- Under Operations allowed on features created by other users, check the edit operations you want people to have on features they did not create.
The following are examples:
- If you uncheck Query, the person logged in to the feature layer will only see features he or she creates.
- If Query is checked, but Update and Delete are unchecked, features are read-only for anyone but the creator of the feature.
- If Query and Update are checked, but Delete is unchecked, features can be queried or altered by nonowners but cannot be deleted.
- Save the changes you made to the service properties.
- Restart the feature service (map service with feature access).