ArcGIS Server makes your data—such as maps, tools, imagery, and locators—available to many other clients in your organization and potentially the entire Internet. To do this, your ArcGIS Server machines must have access to your data. There are three main things you need to do to make your data accessible to ArcGIS Server.
- Store your data where all ArcGIS Server machines can access it.
- Grant the ArcGIS Server account permissions to data locations, such as folders and databases you access with operating system authentication. The ArcGIS Server account is the operating system account you specified when you installed ArcGIS Server, not the primary site administrator specified when the ArcGIS Server site was created.
- Register your data with the ArcGIS Server site.
How ArcGIS Server stores and accesses data
When you publish a resource as a service, that resource is placed on the ArcGIS Server machine. Thus, if you publish a locator as a geocode service, a copy of the locator ends up on the server where ArcGIS Server has sufficient permissions to access it. Similarly, maps you publish are copied to the ArcGIS Server machine.
Sometimes, you publish a resource that references additional data. For example, a map references various feature classes stored in a database, geodatabase, or shapefiles in a folder. This data is moved to the ArcGIS Server machine if you do not register the folder or database with the ArcGIS Server site before publishing or if you do not place the data in a location that ArcGIS Server access.
Store data where all ArcGIS Server machines can access it
Each ArcGIS Server machine in your deployment needs to be able to read your GIS resources and all the data they reference. For example, when you publish a map as a service, all the data for the map's layers must be visible to all ArcGIS Server machines. Following are some approaches for how you can store the data.
Store data locally on each ArcGIS Server machine
When you save your data to a local path, for example, C:\data and create a service from it, other ArcGIS Server machines are not able to work with the service unless they have their own copies of the data residing at C:\data. Loading an identical copy of your data into an identical path on each ArcGIS Server machine can be beneficial for performance, but it may not be a practical solution for large or frequently changing datasets.
Store data in a shared directory
Another way to make your data available to all ArcGIS Server machines is to use the operating system tools to share the directory in which the data is stored. Shared directories are commonly referred to with Universal Naming Convention (UNC) paths, which contain the name of the server (for example, \\myServer\data). When you use UNC paths to reference your data, all ArcGIS Server machines will look to the correct machine for the data.
If you store your GIS resources in shared directories, remember that all data source paths within the resource must also use UNC paths or relative paths. For example, if your map document contains layers from three shapefiles, the paths to those shapefiles must be UNC or relative paths.
Although shared network folders are convenient for referencing data, they require network traffic and can introduce performance bottlenecks that would not otherwise exist when accessing the data through local paths. You may also experience locking issues if other clients are accessing the source resource at the same time.
Store data in a database
Many GIS shops store large data collections in a relational database management system. Esri natively supports a specific set of databases, which provides a way to conveniently organize and use spatial data from a database in ArcGIS. Esri also provides a geodatabase that you can deploy within your database.
See Data storage considerations for an ArcGIS Server site to learn about whether this approach is right for you.
Store data in a cloud storage container
If you have an Amazon Web Services (AWS) or Microsoft Azure account and need to store your data in the cloud, you can place your file-based data in an AWS Simple Storage Service (S3) bucket or Azure Blob storage container and register that location with your ArcGIS Server site.
Since the data is stored in a remote location, the speed and through-put of your network will affect the web service performance. Also note that you may need to have your network administrator open your company's firewall to access these containers.
Grant the ArcGIS Server account permissions to your data
When you log in to your own computer, the account name you use gives you access to all your files and folders on the computer. No one else can access those files and folders unless you grant them access. The same holds true for your GIS data. The ArcGIS Server account needs at least read permissions to any data in folders that you use in your services and any data in databases (or enterprise geodatabases) that you access using operating system authentication. In some scenarios where edits are occurring, the ArcGIS Server account may also need write permissions.
When do you need to apply permissions?
The resources you publish are copied to the ArcGIS Server machine. The ArcGIS Server account already permissions to these folders. However, the data referenced in those resources (for example, the layers in a map) may or may not have the correct permissions applied, depending on whether you choose to register the containing folder or database with the ArcGIS Server site before publishing.
If you chose to have the server automatically copy data to the server, there is no need to set any additional permissions. All the data is copied to the server where the ArcGIS Server account already has permissions. If your source data is file based and you are publishing a feature or transaction-enabled WFS (WFS-T) service, the source data is copied into a geodatabase that you registered with the server, called ArcGIS Server's Managed Database. You do not need to grant permissions to the ArcGIS Server account to access the source data that is copied to the server.
To learn more, see Copying data to the server automatically when publishing.
If you chose to register the containing folder, you need to explicitly give the ArcGIS Server account permissions to read from that folder.
If you choose to register the containing database, the type of permissions you need to grant depends on what type of database you are using and what type of authentication you are using to connect.
The process of granting permissions to your file-based or database data is described in the remaining sections of this topic.
Permissions for file-based data
If your data is file based, such as shapefiles, image files, and file geodatabases, you need to work with the operating system to set access to the folders that contain your data. The ArcGIS Server account must have at least read access to the data and write access if the data will be edited. Here are some scenarios:
- If your data resides on the ArcGIS Server machine (or one of the ArcGIS Server machines in the event you have more than one), grant the ArcGIS Server account read (and optionally write) access to the folders containing your data.
- If the data does not reside on the ArcGIS Server machine and you specified a local account as the ArcGIS Server account, you will first need to create an identical local account (having the same user name and password) on the machine that hosts your data. Then grant that local account read (and optionally write) access to the folders containing your data. As long as the local accounts on the machine with data and the ArcGIS Server machine are identical, the ArcGIS Server machine will be able to access the data.
- If the data does not reside on the ArcGIS Server machine and you specified a domain account as the ArcGIS Server account, grant the domain account read (and optionally write) access to the folders containing your data.
You should be aware of your operating system's security mechanisms and hierarchies. For example, if you are working from a shared directory in Windows, you need to give the ArcGIS Server account share permissions for the folder, switch to the Security tab of the folder properties, and grant NTFS (file) permissions to the ArcGIS Server account for the folder. If you do not grant both types of permissions (share and file), ArcGIS Server cannot access the resource, since the operating system gives precedence to the more restrictive of the two.
Permissions to data in a database
When you create a service that references data in a database, you need to ensure that the server has the appropriate permissions to access the data. The type of permissions you need to grant depends on what type of database you are using and what type of authentication you are using to connect.
ArcGIS 10.1 for Server and later releases do not support personal geodatabases.
The way you grant ArcGIS Server access to data in a database depends on whether you connect to the database using database authentication or operating system (OS) authentication. View the database connection properties in ArcCatalog or the Catalog window in ArcMap to find out whether the connection uses database authentication or OS authentication. Note that you always access workgroup geodatabase using OS authentication.
When using database authentication, check your database connection properties in the Catalog tree and make sure you check the option to save the user name and password. This is required for your service to access the data successfully.
Write permissions on the data must be granted to the database user making the connection if you plan to allow edits to the data.
If you access data through OS authentication, add the ArcGIS Server account to the database and grant it permissions to the resources that it needs to access. When the service runs, it will log in to the DBMS as the ArcGIS Server account.
The way that you add the ArcGIS Server account and grant it permissions can vary. You may find it helpful to consult your DBMS documentation to learn how to grant access to an operating system account. Once you add the ArcGIS Server account, you need to grant it SELECT permissions to the resources that you are going to publish. Write permissions on the data are required if you plan to allow edits to the data.
If you are working with a workgroup geodatabase, perform the following steps in ArcCatalog or the Catalog window to give the ArcGIS Server account the necessary permissions:
- Double-click Database Servers in the Catalog tree.
- Right-click the database server containing the geodatabase and click Permissions.
- Click Add User and add the ArcGIS Server account. Click OK.
- Double-click the same database server.
- Right-click the geodatabase, click Administration, and click Permissions.
- Click the ArcGIS Server account to select it and choose the level of permissions you want it to have. You need at least read permissions to see the data, and you need write permissions for editing. See Database server permissions in the ArcGIS Desktop help if you need further assistance deciding which permissions would be necessary for your ArcGIS Server account.
Register your data with ArcGIS Server
After you grant the ArcGIS Server account the appropriate permissions to the folders and databases that contain your data, you need to register the folders and databases with the server using ArcGIS Server Manager or ArcGIS Desktop. Data registration gives you the most control over how your server accesses data and helps you ensure that the data is truly accessible by the server.
Note that to register workgroup geodatabases with an ArcGIS Server site, you need to create a database connection (.sde file) to the workgroup geodatabase.
For instructions, see the following topics: