Skip To Content

Manage access

ArcGIS Enterprise provides multiple methods for organizations to manage how their members access and interact with its content. One method is to assign members specific privileges through custom roles that include administrative privileges, such as managing an organization's security configuration. These custom roles allow organizations to delegate administrative tasks without assigning the default administrator role to multiple members.

The security privilege model is also used by the ArcGIS Server Administration REST API. Starting at 10.8.1, only members assigned specific administrative privileges can access the REST API. Access to other resources and operations is restricted based on the endpoints that are associated with, or required by, their role's privileges.

Note:

Members who are assigned the default administrator role continue to have access to the full Server Administration API.

Privilege-based access

Members can only access certain endpoints in the ArcGIS Server Administration API based on the privileges assigned to their role.

The following tables list the privileges that are authorized to access the ArcGIS Server Admin REST API:

Administrative privilege categoryPrivileges

Content

Update | Delete

Portal Settings

Security and infrastructure | Servers | Organization webhooks

Webhooks

Geoprocessing

Caution:

Users assigned the Geoprocessing privilege must add the Publish server-based layers privilege to their custom role.

General privilege categoryPrivileges

Content

Register data stores

Webhooks

Feature layer

In addition to the privileges listed above, users assigned the Publisher default role can also access specific endpoints in the ArcGIS Server Admin API.

To learn more about these privileges, and the access they provide in an organization, see User types, roles, and privileges.

Endpoint access

Caution:

This topic outlines the required privileges for ArcGIS Enterprise 11.2 . To see the privileges that apply to the specific ArcGIS Enterprise version you are using, see the ArcGIS Server Admin API installed help.

The following sections list the privileges necessary to access each endpoint in the ArcGIS Server Administration API.

Note:

Users assigned the default administrator role have access to every endpoint in the Server Administration API. Endpoints that are accessible only to those assigned the default administrator role are specified below.

Server admin root

Endpoint pathPrivileges
Root

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Create New Site

Default administrator role only

Export Site

Default administrator role only

Import Site

Default administrator role only

Delete Site

Default administrator role only

Join Site

Default administrator role only

Upgrade

Default administrator role only

Generate Token

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Public Key

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Machines

Endpoint pathPrivileges
Machines

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Register Machine

Security and infrastructure

Rename Machine

Security and infrastructure

Machine

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Edit Machine

Security and infrastructure

Start Machine

Security and infrastructure

Stop Machine

Security and infrastructure

Unregister Machine

Security and infrastructure

Synchronize With Site

Security and infrastructure

Hardware Configuration

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

SSL Certificates

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Generate Certificate

Security and infrastructure

Import Root Certificate

Security and infrastructure

Import Existing Server Certificate

Security and infrastructure

SSL Certificate

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Generate CSR

Security and infrastructure

Export Certificate

Security and infrastructure

Delete Certificate

Security and infrastructure

Import CA Signed Certificate

Security and infrastructure

Services

Note:

Both the System and Utilities folders, and most of their operations, are only accessible to users assigned the default administrator or Publisher role. The edit service operations in both the System and Utilities folders are accessible only to users with the Security and infrastructure or Servers privileges.

Endpoint pathPrivileges
Services

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Edit Folder

Security and infrastructure

Create Service

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Rename Service

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Can Create Service

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Create Folder

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Exists

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Start Services

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Stop Services

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Delete Services

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Export Services

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Import Services

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Federate

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Unfederate

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Types

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Extensions

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Register Extension

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Update Extension

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Unregister Extension

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Providers

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Permissions

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Add Permission

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Has Child Permissions Conflict

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Clean Permissions

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Service Report

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Default Service Properties

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Update Default Service Properties

Default administrator role only

Webhooks

Geoprocessing | Feature layer

Settings

Organization webhooks

Service

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Service Status

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Start Service

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Stop Service

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Edit Service

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Change Provider

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Delete Service

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Job Statistics

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Item Information

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Edit Item Information

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Upload Item Information File

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Delete Item Information

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Lifecycle Information

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Webhooks

Geoprocessing | Feature layer

Create Webhook

Geoprocessing | Feature layer

Delete All

Geoprocessing | Feature layer

Activate All

Geoprocessing | Feature layer

Deactivate All

Geoprocessing | Feature layer

Webhook

Geoprocessing | Feature layer

Edit Webhook

Geoprocessing | Feature layer

Delete Webhook

Geoprocessing | Feature layer

Notification Status

Geoprocessing | Feature layer

Jobs

Update | Delete | Security and infrastructure | Servers

Job

Update | Delete | Security and infrastructure | Servers

Query Jobs

Update | Delete | Security and infrastructure | Servers

Purge Job Queue

Default administrator role only

Job Statistics

Update | Delete | Security and infrastructure | Servers

Delete Job

Default administrator role only

Cancel Job

Default administrator role only

Folder

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Delete Folder

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Security

Endpoint pathPrivileges
Security

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Users

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Get Users

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Search Users

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Add User

Update | Delete | Security and infrastructure | Servers

Remove User

Update | Delete | Security and infrastructure | Servers

Update User

Update | Delete | Security and infrastructure | Servers

Assign Roles

Update | Delete | Security and infrastructure | Servers

Remove Roles

Update | Delete | Security and infrastructure | Servers

Get Privilege For User

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Roles

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Get Roles

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Search Roles

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Add Role

Update | Delete | Security and infrastructure | Servers

Remove Role

Update | Delete | Security and infrastructure | Servers

Update Role

Update | Delete | Security and infrastructure | Servers

Get Roles For User

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Get Users Within Role

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Add Users To Role

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Remove Users From Role

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Assign Privilege

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Get Privilege For Role

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Get Roles By Privilege

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Tokens

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Update Token Configuration

Security and infrastructure

Security Configuration

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Update Security Configuration

Security and infrastructure | Servers

Update Identity Store

Security and infrastructure | Servers

Test Identity Store

Security and infrastructure | Servers

Change Server Role

Security and infrastructure | Servers

Primary Site Administrator

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Update Primary Site Administrator

Default administrator role only

Enable Primary Site Administrator

Default administrator role only

Disable Primary Site Administrator

Default administrator role only

System

Endpoint pathPrivileges
System

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Server Properties

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Update Server Properties

Security and infrastructure

Server Directories

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Register Directory

Default administrator role only

Register Directories

Default administrator role only

Recover Server Directories

Default administrator role only

Server Directory

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Unregister Directory

Default administrator role only

Clean Directory

Default administrator role only

Edit Directory

Default administrator role only

Configuration Store

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Edit Configuration Store

Default administrator role only

Recover Configuration Store

Default administrator role only

Web Adaptors

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Web Adaptor Configuration

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Register data stores | Publisher role

Update Web Adaptors Configuration

Security and infrastructure

Web Adaptor

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Unregister Web Adaptor

Security and infrastructure

Handlers

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Rest Handler

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Rest Cache

Security and infrastructure

Clear Rest Cache

Security and infrastructure

Services Directory

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Edit Directory

Security and infrastructure

SOAP

Security and infrastructure | Geoprocessing | Register data stores | Publisher role

SOAP Handler Config

Security and infrastructure | Geoprocessing

Edit SOAP Handler Config

Security and infrastructure

Jobs

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Job

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Licenses

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Deployment

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Platform Services

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Compute Platform

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Start Compute Platform

Update | Delete | Security and infrastructure | Servers

Stop Compute Platform

Update | Delete | Security and infrastructure | Servers

Compute Platform Status

Update | Delete | Security and infrastructure | Servers

Compute Platform Health Check

Update | Delete | Security and infrastructure | Servers

Synchronization Service

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Start Synchronization Service

Update | Delete | Security and infrastructure | Servers

Stop Synchronization Service

Update | Delete | Security and infrastructure | Servers

Synchronization Service Health Check

Update | Delete | Security and infrastructure | Servers

Synchronization Service Status

Update | Delete | Security and infrastructure | Servers

Synchronization Service Reset

Update | Delete | Security and infrastructure | Servers

Data

Endpoint pathPrivileges
Data

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Register Data Item

Security and infrastructure | Servers | Register data stores | Publisher role

Unregister Data Item

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Validate Data Item

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Validate All Data Items

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Find Data Items

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Federate Data Item

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Root Data Item

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Lifecycle Information

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Edit Data Item

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Make Data Store Machine Primary

Update | Delete | Security and infrastructure | Servers

Validate Data Store

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Remove Data Store Machine

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Start Data Store Machine

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Stop Data Store Machine

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Datastore Configuration

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Update Datastore Configuration

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Relational Data Store Types

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Register Relational Data Store Type

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Relational Data Store Type

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Edit Relational Data Store Type

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Unregister Relational Data Store Type

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Big Data File Share Manifest

Update | Delete | Security and infrastructure | Servers

Big Data File Share Manifest Regeneration

Update | Delete | Security and infrastructure | Servers

Big Data File Share Manifest Update

Update | Delete | Security and infrastructure | Servers

Big Data File Share Hints

Update | Delete | Security and infrastructure | Servers

Big Data File Share Hints Update

Update | Delete | Security and infrastructure | Servers

Uploads

Endpoint pathPrivileges
Uploads

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Upload Item

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Register Item

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Item

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Upload Part

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Commit Item

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Delete Item

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Item Parts

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Logs

Endpoint pathPrivileges
Logs

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Query Logs

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Clean Logs

Security and infrastructure

Count Error Reports

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Log Settings

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Edit Log Settings

Security and infrastructure

KML

Endpoint pathPrivileges
Kml

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Create Kmz

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Kmz File

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Info

Endpoint pathPrivileges
Info

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Mode

Endpoint pathPrivileges
Mode

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Update Site Mode

Default administrator role only

Usage report

Endpoint pathPrivileges
Usage Reports

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Create Usage Report

Default administrator role only

Usage Reports Settings

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Edit Usage Reports Settings

Default administrator role only

Usage Report

Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role

Edit Usage Report

Default administrator role only

Query Report Data

Update | Delete | Security and infrastructure | Servers | Geoprocessing

Delete Usage Report

Default administrator role only