Privileges

Description

This resource lists all privileges for a custom role.

Request Parameters

Parameter

Details

[Common Parameters]

For a complete listing, see common parameters.

Response Properties

Property

Details

id

The ID of the role.

privileges

An array of strings with predefined permissions in each.

Example:

[
    "features:user:edit",
    "features:user:fullEdit",
    "opendata:user:designateGroup",
    "portal:admin:viewUsers",
    "portal:user:createGroup"
  ]

Supported privileges with predefined permissions are:

Administrative Privileges:

Members

  • portal:admin:viewUsers: grants the ability to view full member account information within organization.
  • portal:admin:updateUsers: grants the ability to update member account information within organization.
  • portal:admin:deleteUsers: grants the ability to delete member accounts within organization.
  • portal:admin:inviteUsers: grants the ability to invite members to organization. (This privilege is only applicable to ArcGIS Online.)
  • portal:admin:disableUsers: grants the ability to enable and disable member accounts within organization.
  • portal:admin:changeUserRoles: grants the ability to change the role a member is assigned within organization; however, it does not grant the ability to promote a member to, or demote a member from, the Administrator role. That privilege is reserved for the Administrator role alone.
  • portal:admin:manageLicenses: grants the ability to assign licenses to members of organization.
  • portal:admin:reassignUsers: grants the ability to assign all groups and content of a member to another within organization.

Groups

  • portal:admin:viewGroups: grants the ability to view all groups within organization.
  • portal:admin:updateGroups: grants the ability to update groups within organization.
  • portal:admin:deleteGroups: grants the ability to delete groups within organization.
  • portal:admin:reassignGroups: grants the ability to reassign groups to other members within organization.
  • portal:admin:assignToGroups: grants the ability to assign members to, and remove members from, groups within organization.
  • portal:admin:manageEnterpriseGroups: grants the ability to link group membership to an enterprise group. (This privilege is only applicable to Portal for ArcGIS.)
  • portal:admin:createUpdateCapableGroup: grants the ability to create and own groups with item update capabilities.

Content

  • portal:admin:viewItems: grants the ability to view all content within organization.
  • portal:admin:updateItems: grants the ability to update content within organization.
  • portal:admin:deleteItems: grants the ability to delete content within organization.
  • portal:admin:reassignItems: grants the ability to reassign content to other members within organization.
  • portal:admin:shareToGroup: grants the ability to share other member's content to groups the user belongs to.
  • portal:admin:shareToOrg: grants the ability to share other member's content to organization.
  • portal:admin:shareToPublic: grants the ability to share other member's content to all users of the portal.

ArcGIS Marketplace Subscriptions

  • marketplace:admin:purchase: grants the ability to request purchase information about apps and data in ArcGIS Marketplace. (This privilege is only applicable to ArcGIS Online.)
  • marketplace:admin:startTrial: grants the ability to start trial subscriptions in ArcGIS Marketplace. (This privilege is only applicable to ArcGIS Online.)
  • marketplace:admin:manage: grants the ability to create listings, list items and manage subscriptions in ArcGIS Marketplace. (This privilege is only applicable to ArcGIS Online.)

Publisher Privileges:

Content

  • portal:publisher:publishFeatures: grants the ability to publish hosted feature layers from shapefiles, CSVs, etc.
  • portal:publisher:publishTiles: grants the ability to publish hosted tile layers from tile packages, features, etc.
  • portal:publisher:publishScenes: grants the ability to publish hosted scene layers.

User Privileges:

Members

  • portal:user:viewOrgUsers: grants the ability to view members of the organization.

Groups

  • portal:user:createGroup: grants the ability for a member to create, edit, and delete their own groups.
  • portal:user:joinGroup: grants the ability to join groups within organization.
  • portal:user:joinNonOrgGroup: grants the ability to join groups external to the organization. (This privilege is only applicable to ArcGIS Online.)
  • portal:user:viewOrgGroups: grants the ability to view groups shared with the organization.

Content

  • portal:user:createItem: grants the ability for a member to create, edit, and delete their own content.
  • portal:user:viewOrgItems: grants the ability to view content shared with the organization.

Sharing

  • portal:user:shareToGroup: grants the ability to share content to groups.
  • portal:user:shareToOrg: grants the ability to share content to organization.
  • portal:user:shareToPublic: grants the ability to share content to all users of portal.
  • portal:user:shareGroupToOrg: grants the ability to make groups discoverable by the organization.
  • portal:user:shareGroupToPublic: grants the ability to make groups discoverable by all users of portal.

Premium Content

  • premium:user:geocode: grants the ability to perform large-volume geocoding tasks with the Esri World Geocoder such as publishing a CSV of addresses as hosted feature layer.
  • premium:user:networkanalysis: grants the ability to perform network analysis tasks such as routing and drive-time areas.
  • premium:user:geoenrichment: grants the ability to geoenrich features.
  • premium:user:demographics: grants the ability to make use of premium demographic data.
  • premium:user:spatialanalysis: grants the ability to perform spatial analysis tasks.
  • premium:user:elevation: grants the ability to perform analytical tasks on elevation data.

Features

  • features:user:edit: grants the ability to edit features in editable layers, according to the edit options enabled on the layer.
  • features:user:fullEdit: grants the ability to add, delete, and update features in a hosted feature layer regardless of the editing options enabled on the layer.

Open Data

  • opendata:user:openDataAdmin: grants the ability to manage Open Data Sites for the organization. (This privilege is only applicable to ArcGIS Online.)
  • opendata:user:designateGroup: grants the ability to designate groups within organization as being available for use in Open Data. (This privilege is only applicable to ArcGIS Online.)

Example Usage

URL for Privileges

http://www.arcgis.com/sharing/rest/portals/LkFyxb9zDq7vAwww/roles/hzHOGSAky23XJu7Q/privileges

JSON Response Syntax

{
  "id": "<role id>",
  "privileges": [
    "<privilege1>",
    "<privilege2>",
    "<privilege3>",
    "<privilege4>",
    "<privilege5>"
  ]
}

JSON Response Example

{
  "id": "hzHOGSAky23XJu7Q",
  "privileges": [
    "features:user:edit",
    "features:user:fullEdit",
    "opendata:user:designateGroup",
    "portal:admin:viewUsers",
    "portal:user:createGroup"
  ]
}

9/13/2017