ArcGIS Enterprise provides multiple methods for organizations to manage how their members access and interact with its content. One method is to assign members specific privileges through custom roles that include administrative privileges, such as managing an organization's security configuration. These custom roles allow organizations to delegate administrative tasks without assigning the default administrator role to multiple members.
The security privilege model is also used by the ArcGIS Server Administration REST API. Starting at 10.8.1, only members assigned specific administrative privileges can access the REST API. Access to other resources and operations is restricted based on the endpoints that are associated with, or required by, their role's privileges.
Note:
Members who are assigned the default administrator role continue to have access to the full Server Administration API.
Privilege-based access
Members can only access certain endpoints in the ArcGIS Server Administration API based on the privileges assigned to their role.
The following tables list the privileges that are authorized to access the ArcGIS Server Admin REST API:
| Administrative privilege category | Privileges |
|---|---|
Content | Update | Delete |
Portal Settings | Security and infrastructure | Servers | Organization webhooks |
Webhooks | Geoprocessing Caution:Users assigned the Geoprocessing privilege must add the Publish server-based layers privilege to their custom role. |
| General privilege category | Privileges |
|---|---|
Content | Register data stores |
Webhooks | Feature layer |
In addition to the privileges listed above, users assigned the Publisher default role can also access specific endpoints in the ArcGIS Server Admin API.
To learn more about these privileges, and the access they provide in an organization, see User types, roles, and privileges.
Endpoint access
Caution:
This topic outlines the required privileges for ArcGIS Enterprise 11.2 . To see the privileges that apply to the specific ArcGIS Enterprise version you are using, see the ArcGIS Server Admin API installed help.
The following sections list the privileges necessary to access each endpoint in the ArcGIS Server Administration API.
Note:
Users assigned the default administrator role have access to every endpoint in the Server Administration API. Endpoints that are accessible only to those assigned the default administrator role are specified below.
Server admin root
| Endpoint path | Privileges |
|---|---|
| Root | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Create New Site | Default administrator role only |
| Export Site | Default administrator role only |
| Import Site | Default administrator role only |
| Delete Site | Default administrator role only |
| Join Site | Default administrator role only |
| Upgrade | Default administrator role only |
| Generate Token | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Public Key | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
Machines
| Endpoint path | Privileges |
|---|---|
| Machines | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Register Machine | Security and infrastructure |
| Rename Machine | Security and infrastructure |
| Machine | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Edit Machine | Security and infrastructure |
| Start Machine | Security and infrastructure |
| Stop Machine | Security and infrastructure |
| Unregister Machine | Security and infrastructure |
| Synchronize With Site | Security and infrastructure |
| Hardware Configuration | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| SSL Certificates | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Generate Certificate | Security and infrastructure |
| Import Root Certificate | Security and infrastructure |
| Import Existing Server Certificate | Security and infrastructure |
| SSL Certificate | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Generate CSR | Security and infrastructure |
| Export Certificate | Security and infrastructure |
| Delete Certificate | Security and infrastructure |
| Import CA Signed Certificate | Security and infrastructure |
Services
Note:
Both the System and Utilities folders, and most of their operations, are only accessible to users assigned the default administrator or Publisher role. The edit service operations in both the System and Utilities folders are accessible only to users with the Security and infrastructure or Servers privileges.
| Endpoint path | Privileges |
|---|---|
| Services | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Edit Folder | Security and infrastructure |
| Create Service | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Rename Service | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Can Create Service | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Create Folder | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Exists | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Start Services | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Stop Services | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Delete Services | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Export Services | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Import Services | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Federate | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Unfederate | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Types | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Extensions | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Register Extension | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Update Extension | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Unregister Extension | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Providers | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Permissions | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Add Permission | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Has Child Permissions Conflict | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Clean Permissions | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Service Report | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Default Service Properties | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Update Default Service Properties | Default administrator role only |
| Webhooks | Geoprocessing | Feature layer |
| Settings | Organization webhooks |
| Service | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Service Status | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Start Service | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Stop Service | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Edit Service | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Change Provider | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Delete Service | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Job Statistics | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Item Information | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Edit Item Information | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Upload Item Information File | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Delete Item Information | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Lifecycle Information | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Webhooks | Geoprocessing | Feature layer |
| Create Webhook | Geoprocessing | Feature layer |
| Delete All | Geoprocessing | Feature layer |
| Activate All | Geoprocessing | Feature layer |
| Deactivate All | Geoprocessing | Feature layer |
| Webhook | Geoprocessing | Feature layer |
| Edit Webhook | Geoprocessing | Feature layer |
| Delete Webhook | Geoprocessing | Feature layer |
| Notification Status | Geoprocessing | Feature layer |
| Jobs | Update | Delete | Security and infrastructure | Servers |
| Job | Update | Delete | Security and infrastructure | Servers |
| Query Jobs | Update | Delete | Security and infrastructure | Servers |
| Purge Job Queue | Default administrator role only |
| Job Statistics | Update | Delete | Security and infrastructure | Servers |
| Delete Job | Default administrator role only |
| Cancel Job | Default administrator role only |
| Folder | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Delete Folder | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
Security
| Endpoint path | Privileges |
|---|---|
| Security | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Users | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Get Users | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Search Users | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Add User | Update | Delete | Security and infrastructure | Servers |
| Remove User | Update | Delete | Security and infrastructure | Servers |
| Update User | Update | Delete | Security and infrastructure | Servers |
| Assign Roles | Update | Delete | Security and infrastructure | Servers |
| Remove Roles | Update | Delete | Security and infrastructure | Servers |
| Get Privilege For User | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Roles | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Get Roles | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Search Roles | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Add Role | Update | Delete | Security and infrastructure | Servers |
| Remove Role | Update | Delete | Security and infrastructure | Servers |
| Update Role | Update | Delete | Security and infrastructure | Servers |
| Get Roles For User | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Get Users Within Role | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Add Users To Role | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Remove Users From Role | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Assign Privilege | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Get Privilege For Role | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Get Roles By Privilege | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Tokens | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Update Token Configuration | Security and infrastructure |
| Security Configuration | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Update Security Configuration | Security and infrastructure | Servers |
| Update Identity Store | Security and infrastructure | Servers |
| Test Identity Store | Security and infrastructure | Servers |
| Change Server Role | Security and infrastructure | Servers |
| Primary Site Administrator | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Update Primary Site Administrator | Default administrator role only |
| Enable Primary Site Administrator | Default administrator role only |
| Disable Primary Site Administrator | Default administrator role only |
System
| Endpoint path | Privileges |
|---|---|
| System | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Server Properties | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Update Server Properties | Security and infrastructure |
| Server Directories | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Register Directory | Default administrator role only |
Register Directories | Default administrator role only |
| Recover Server Directories | Default administrator role only |
| Server Directory | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Unregister Directory | Default administrator role only |
| Clean Directory | Default administrator role only |
| Edit Directory | Default administrator role only |
| Configuration Store | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Edit Configuration Store | Default administrator role only |
| Recover Configuration Store | Default administrator role only |
| Web Adaptors | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Web Adaptor Configuration | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Register data stores | Publisher role |
| Update Web Adaptors Configuration | Security and infrastructure |
| Web Adaptor | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Unregister Web Adaptor | Security and infrastructure |
| Handlers | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Rest Handler | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Rest Cache | Security and infrastructure |
| Clear Rest Cache | Security and infrastructure |
| Services Directory | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Edit Directory | Security and infrastructure |
| SOAP | Security and infrastructure | Geoprocessing | Register data stores | Publisher role |
| SOAP Handler Config | Security and infrastructure | Geoprocessing |
| Edit SOAP Handler Config | Security and infrastructure |
| Jobs | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Job | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Licenses | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Deployment | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Platform Services | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Compute Platform | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Start Compute Platform | Update | Delete | Security and infrastructure | Servers |
| Stop Compute Platform | Update | Delete | Security and infrastructure | Servers |
| Compute Platform Status | Update | Delete | Security and infrastructure | Servers |
| Compute Platform Health Check | Update | Delete | Security and infrastructure | Servers |
| Synchronization Service | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Start Synchronization Service | Update | Delete | Security and infrastructure | Servers |
| Stop Synchronization Service | Update | Delete | Security and infrastructure | Servers |
| Synchronization Service Health Check | Update | Delete | Security and infrastructure | Servers |
| Synchronization Service Status | Update | Delete | Security and infrastructure | Servers |
| Synchronization Service Reset | Update | Delete | Security and infrastructure | Servers |
Data
| Endpoint path | Privileges |
|---|---|
| Data | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Register Data Item | Security and infrastructure | Servers | Register data stores | Publisher role |
| Unregister Data Item | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Validate Data Item | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Validate All Data Items | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Find Data Items | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Federate Data Item | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Root Data Item | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role | |
| Edit Data Item | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Make Data Store Machine Primary | Update | Delete | Security and infrastructure | Servers |
| Validate Data Store | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Remove Data Store Machine | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Start Data Store Machine | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Stop Data Store Machine | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Datastore Configuration | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Update Datastore Configuration | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Relational Data Store Types | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Register Relational Data Store Type | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Relational Data Store Type | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Edit Relational Data Store Type | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Unregister Relational Data Store Type | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Big Data File Share Manifest | Update | Delete | Security and infrastructure | Servers |
| Big Data File Share Manifest Regeneration | Update | Delete | Security and infrastructure | Servers |
| Big Data File Share Manifest Update | Update | Delete | Security and infrastructure | Servers |
| Big Data File Share Hints | Update | Delete | Security and infrastructure | Servers |
| Big Data File Share Hints Update | Update | Delete | Security and infrastructure | Servers |
Uploads
| Endpoint path | Privileges |
|---|---|
| Uploads | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Upload Item | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Register Item | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Item | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Upload Part | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Commit Item | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Delete Item | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Item Parts | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
Logs
| Endpoint path | Privileges |
|---|---|
| Logs | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Query Logs | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Clean Logs | Security and infrastructure |
| Count Error Reports | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Log Settings | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Edit Log Settings | Security and infrastructure |
KML
| Endpoint path | Privileges |
|---|---|
| Kml | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Create Kmz | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Kmz File | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
Info
| Endpoint path | Privileges |
|---|---|
| Info | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
Mode
| Endpoint path | Privileges |
|---|---|
| Mode | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Update Site Mode | Default administrator role only |
Usage report
| Endpoint path | Privileges |
|---|---|
| Usage Reports | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Create Usage Report | Default administrator role only |
| Usage Reports Settings | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Edit Usage Reports Settings | Default administrator role only |
| Usage Report | Update | Delete | Security and infrastructure | Servers | Geoprocessing | Feature layer | Register data stores | Publisher role |
| Edit Usage Report | Default administrator role only |
| Query Report Data | Update | Delete | Security and infrastructure | Servers | Geoprocessing |
| Delete Usage Report | Default administrator role only |