Editor permissions for feature services
In this topic
Feature services allow you to control what types of edits users can make to the service. You do this by enabling or disabling operations and properties on the Feature Access tab of the Service Editor in ArcGIS for Desktop.
The following feature service operations are available for you to configure:
- Create allows users to add features to the feature service. This operation is enabled by default.
- Delete allows users to delete features in the feature service. This operation is enabled by default.
- Query allows users to query and view the data in the feature service. Unlike with map services, which have an ExportMap function to draw the map, visualization of feature services works completely from queries. The server returns the queried features to the client and the client does the work of drawing the features. This operation is enabled by default.
- Sync allows users to work with feature service data while offline. This operation is disabled by default. To learn more, see Authoring feature services.
- Update allows users to update features in the feature service. This operation is enabled by default.
If you disable an operation and a user attempts to do any action corresponding to that operation, the service returns an error. Client applications, such as those built with the ArcGIS Web APIs, can check for the allowed operations before attempting to apply edits. You might even design these applications to disable or limit commands to match the allowed operations.
For data with attachments, if the Create or Update capability is enabled, you can add an attachment to a feature. If Update is enabled, you can also Update or Delete an attachment that is associated with a feature.
If you want to edit data from a feature service in ArcMap, the Create, Delete, and Update capabilities must be enabled. If these capabilities are not enabled, you'll encounter an error in ArcMap when you attempt to create a local copy of the data for editing. To learn more, see About editing data from feature services in ArcMap.
When configuring service operations, keep in mind the following:
- If Create, Delete, or Update are enabled, the Uploads capability is included in the service configuration. This is used to send data to the service.
- If Create, Delete, Update, and Allow geometry updates are enabled, the Editing capability is included in the service configuration. This is provided to support backward compatibility with pre-10.1 clients.
Allowed operations are only considered for nonadministrative users. Server administrators have full access to the service with all operations allowed.
The following feature service properties are available for you to configure:
- Allow geometry updates allows users to edit the geometry of a feature in the feature service. This is enabled by default. If you disable this option, users will only be able to update the attributes of features in the feature service.
- Allow update of true curves allows users to replace the true curve geometry of a feature with densified geometry. This operation is disabled by default and available only if you have selected Allow geometry updates.
True curve geometries are not supported by web clients. If your data has true curves, the geometry will be returned as a densified version of the true curve. If you enable this option, it will allow densified features to be applied in place of the true curve. If you disable this option, attempting to edit the true curve geometry will return an error.
- Apply default z-value allows you to specify a default z-value that will be applied to any features added or updated through the feature service, where the z-value is not provided. For more information, see Editing features with z-values in feature services.
- Enable ownership-based access control on features allows you to restrict people from accessing features they do
not own. For more information, see Ownership-based access control for feature services.
This functionality can only be used with enterprise geodatabases, not databases.
Configuring multiple tiers of access
If you need to support multiple tiers of users, each requiring different operations, the recommended approach is to create one service for each level of user. For example, you could create a Professors service that might have all operations allowed. Along with that, you could create a less-privileged Students service with only Create, Query, and Upload operations allowed.