Skip To Content

Manage access

ArcGIS Enterprise provides multiple ways for organizations to manage how their members access and interact with the portal and its content. One way organizations can manage their members' access is by assigning them specific privileges through default or custom roles. Privileges allow members to perform different tasks and workflows for an organization, such as allowing specific users to create and publish content while others can only view content.

At 10.7.1, organizations were able to create custom roles that included administrative privileges, such as the ability to manage the portal's look and feel or it's security configuration. Through these custom roles, organizations were able to delegate administrative tasks without having to assign the default administrator role to multiple members.

At 10.8, access to the Portal Administrator API is based on these same privileges. Members can only access the resources and operations associated with, or required by, their role's privileges. This restrictive access model allows organizations to continue to delegate administrative tasks without providing full administrative access.

Privilege-based access

Members will only be able to access certain endpoints in the Portal Administrator API based on the privileges assigned to their role. Resources and operations that are not accessible to members based on their assigned privileges will either be inaccessible through the UI or will return an error message when users with unauthorized privileges attempt to access them. The table below shows which administrative privileges are authorized to access the Portal Administrator REST API:

Administrative privilege categoryPrivilege name

Members

Add | Manage Licenses

Groups

Link to Enterprise Groups

Portal Settings

Security and infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

Note:

Members who are assigned one of the privileges listed above will have access to the Logs and Mode resources, though access to their associated child operations and resources will vary depending on the specific privilege assigned to the user.

Endpoint access

Caution:

This topic specifies the required privileges for ArcGIS Enterprise 11.2. To see which privileges apply to the specific ArcGIS Enterprise version you are using, see the ArcGIS Portal Admin API installed help.

This following section outlines the requirements to access each endpoint in the Portal Administrator API.

Note:

Users assigned the default administrator role will have access to every endpoint in the Portal Administrator API. Endpoints that are accessible only to those assigned the default administrator rile will be specified below.

Portal Administrator root

EndpointRequirement
Portal Administrator root

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

Create New Site

Default administrator role only

Upgrade

Default administrator role only

Export Site

Default administrator role only

Import Site

Default administrator role only

Join Site

Default administrator role only

Info

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

Backup Restore Information

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

System

EndpointRequirement
System

Security and Infrastructure | Organization Website

Web Adaptors

Security and Infrastructure

Web Adaptor

Security and Infrastructure

Unregister Web Adaptor

Security and Infrastructure

Web Adaptor Configuration

Security and Infrastructure

Update Web Adaptors Configuration

Security and Infrastructure

Directories

Security and Infrastructure

Directory

Security and Infrastructure

Edit Directory

Security and Infrastructure

Database

Security and Infrastructure

Update Database Account

Security and Infrastructure

Database Settings

Security and Infrastructure

Edit Database Settings

Security and Infrastructure

Indexer

Security and Infrastructure

Indexer Status

Security and Infrastructure

Reindex

Security and Infrastructure

System Properties

Security and Infrastructure | Organization Website

Update System Properties

Security and Infrastructure | Organization Website

Languages

Security and Infrastructure | Organization Website

Update Languages

Security and Infrastructure | Organization Website

Content

Security and Infrastructure | Organization Website

Content Configuration

Security and Infrastructure | Organization Website

Update Content Configuration

Security and Infrastructure | Organization Website

Email Settings

Security and Infrastructure

Update Email Settings

Security and Infrastructure

Test Email Settings

Security and Infrastructure

Delete Email Settings

Security and Infrastructure

Security

EndpointRequirement
Security

Security and Infrastructure | Link to Enterprise Groups

Users

Security and Infrastructure

Create User

Security and Infrastructure | Add

Note:

While the Create User operation is accessible to members assigned the Add privilege, they will not be able to navigate to it through the UI. Instead, they must enter the operation URL to access it. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/security/users/createUser

Get Enterprise User

Security and Infrastructure | Add

Note:

While the Get Enterprise User operation is accessible to members assigned the Add privilege, they will not be able to navigate to it through the UI. Instead, they must enter the operation URL to access it. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/security/users/getEnterpriseUser

Update Enterprise User

Security and Infrastructure | Add

Note:

While the Update Enterprise User operation is accessible to members assigned the Add privilege, they will not be able to navigate to it through the UI. Instead, they must enter the operation URL to access it. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/security/users/updateEnterpriseUser

Search Enterprise Users

Security and Infrastructure | Add

Note:

While the Search Enterprise Users operation is accessible to members assigned the Add privilege, they will not be able to navigate to it through the UI. Instead, they must enter the operation URL to access it. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/security/users/searchEnterpriseUsers

Refresh User Membership

Security and Infrastructure

Groups

Security and Infrastructure | Link to Enterprise Groups

Search Enterprise Groups

Security and Infrastructure | Link to Enterprise Groups

Refresh Group Membership

Security and Infrastructure | Link to Enterprise Groups

Get Users Within Enterprise Group

Security and Infrastructure | Link to Enterprise Groups

Get Enterprise Groups for User

Security and Infrastructure | Link to Enterprise Groups

Token Configuration

Security and Infrastructure

Update Token Configuration

Security and Infrastructure

OAuth

Security and Infrastructure

Change App ID

Security and Infrastructure

Get App Info

Security and Infrastructure

Update App Info

Security and Infrastructure

Security Configuration

Security and Infrastructure | Add

Note:

While the Security Config resource is accessible to members assigned the Add privilege, they will not be able to navigate to it through the UI. Instead, they must enter the resource URL to access it. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/security/config

Update Security Configuration

Security and Infrastructure

Update Identity Store

Security and Infrastructure

Test Identity Store

Security and Infrastructure

SSL Certificates

Security and Infrastructure

SSL Certificate

Security and Infrastructure

Generate CSR

Security and Infrastructure

Export Certificate

Security and Infrastructure

Delete Certificate

Security and Infrastructure

Import Signed Certificate

Security and Infrastructure

Update Web Server Certificate

Security and Infrastructure

Generate Certificate

Security and Infrastructure

Import Root or Intermediate Certificate

Security and Infrastructure

Import Existing Certificate

Security and Infrastructure

Federation

EndpointRequirement
Federation

Servers

Federation Servers

Servers

Server

Servers

Validate Server

Servers

Update Server

Servers

Unfederate Server

Servers

Federate Servers

Servers

Validate Servers

Servers

Machines

EndpointRequirement
Machines

Default administrator role only

Status

Default administrator role only

Unregister Machine

Default administrator role only

Machine

Security and Infrastructure

Note:

While the Machine resource is accessible for members assigned the Security and Infrastructure, they will not be able to navigate to it through the UI. Instead, they must enter the specific machine URL to access its child resources and operations. The URL will have the following format:

https://machine.domain.com/webadaptor/portaladmin/machines/MACHINE.DOMAIN.COM

Machine Status

Security and Infrastructure

SSL Certificates

Security and Infrastructure

Update Web Server Certificate

Security and Infrastructure

Generate Certificate

Security and Infrastructure

Import Root Or Intermediate Certificate

Security and Infrastructure

Import Existing Server Certificate

Security and Infrastructure

SSL Certificate

Security and Infrastructure

Generate CSR

Security and Infrastructure

Export Certificate

Security and Infrastructure

Delete Certificate

Security and Infrastructure

Import Signed Certificate

Security and Infrastructure

Logs

EndpointRequirement
Logs

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

Query Logs

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

Clean Logs

Security and Infrastructure | Servers

Log Settings

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

Edit Log Settings

Security and Infrastructure | Servers

License

EndpointRequirement
License

Manage Licenses | Add privilege

Get Future License

Manage Licenses

Validate License

Manage Licenses

Import License

Manage Licenses

Release License

Manage Licenses

Populate License

Manage Licenses

Update License Manager

Manage Licenses

Mode

EndpointRequirement
Mode

Add | Manage Licenses | Link to Enterprise Groups | Security and Infrastructure | Organization Website | Collaborations | Member Roles | Servers | Utility Services

Update Mode

Default administrator role only