To allow ArcGIS Server sites to access the data resources you want to publish, you must do the following:
- Store the data in a location that the ArcGIS Server site can access.
- Grant permissions to allow ArcGIS Server the correct level of access to the data.
- Register the data store with the ArcGIS Server site.
Store data where ArcGIS Server can access it
Where you store data depends on the size of the data, the number of people who will access the web service you publish from the data and the functionality available in the service, and how frequently the data changes.
Store data locally on each ArcGIS Server machine
You can load an identical copy of file-based data to a local folder on each machine in the ArcGIS Server site. The folder name and path must be identical on every machine.
For example, you can place an identical copy of the data in C:\data on every machine in the site.
You can use this method in the following circumstances:
- The data is file-based.
- The data is not large.
- The data does not change or changes infrequently.
- You are unable to store the data in a shared directory.
See the Permissions for file-based data section below for more information.
Store data in a shared directory
Another way to make file-based data available to the ArcGIS Server site is to use operating system tools to share the directory in which the data is stored. Shared directories are commonly referred to with Universal Naming Convention (UNC) paths, which contain the name of the server and the name of the folder and subfolders (for example, \\myServer\data\datafiles).
If you store source files in shared directories, remember that all data source paths within the resource must also use UNC paths or relative paths. For example, if your map contains layers from three shapefiles, the paths to those shapefiles must be UNC or relative paths.
Note:
ArcGIS Server on Windows does not support the use of NFS shares for storage.
Although shared network folders are convenient for referencing data, you may experience locking issues if other clients access the source file at the same time. Therefore, shared directories may not be a practical option for data that is used in multiple web services or clients.
You can use this method in the following circumstances:
- The data is file-based.
- Desktop clients will not access the data directly in the shared directory.
See the Permissions for file-based data section below for more information.
Store data in a database or enterprise geodatabase
If you store spatial data in a relational database management system that Esri supports, you can access that data from ArcGIS using a database connection file (.sde) and publish map and feature services from it. You can also deploy an enterprise geodatabase in a subset of those supported databases to extend functionality.
Use this method in the following circumstances:
- You have large amounts of data.
- Large numbers of users access the same data.
- You have experienced staff who will configure and maintain the database.
- Editors need to edit data through a web service.
See the Permissions to data in a database section below for more information.
Database connections
Before you can register a database connection file (.sde) that accesses a database with the ArcGIS Server site, you must ensure that the 64-bit version of the database's client software is installed and, if necessary, configured on each ArcGIS Server machine in the site. For example, if you plan to register a Microsoft SQL Server database, you must install a supported SQL Server ODBC driver on each ArcGIS Server machine in the ArcGIS Server site. Once you install the client software, you must restart the ArcGIS Server service. Also remember to update this client software when you update the database version you access.
The following links access pages that describe the client software needed for each database and how to connect to the database:
- Connect to Dameng from ArcGIS
- Connect to Db2 from ArcGIS
- Connect to Oracle from ArcGIS
- Connect to PostgreSQL from ArcGIS
- Connect to SAP HANA from ArcGIS
- Connect to SQL Server from ArcGIS
- Connect to Teradata from ArcGIS
- Register a workgroup geodatabase with ArcGIS Server
If the database you register contains a traditional versioned geodatabase, ArcGIS Server accesses the version of that data present in the geodatabase version you set for the connection file. If you want ArcGIS Server to access different versions, you must register separate connection files to connect to these geodatabase versions. For example, you may need to register one connection file that accesses the default geodatabase version and one that accesses a child version.
If the database you register contains a branch versioned geodatabase, you can only publish from the default version; therefore, only register a connection file that accesses the default. For more information on how to publish branch versioned data, see Share branch versioned data in the ArcGIS Pro help.
Store data in a cloud data warehouse
If you store data in a supported cloud data warehouse, you can publish read-only services from the data in ArcGIS Pro.
Store data in a cloud data warehouse in the following circumstances:
- You have large amounts of source data.
- Large numbers of users access the same data.
- You do not require geodatabase functionality.
- You do not need to edit data through web services.
- You can co-locate the clients you use to publish (such as ArcGIS Pro) and the ArcGIS Server site in the same cloud location as the cloud data warehouse.
The account you use to connect to the cloud data warehouse must be granted permission to SELECT on the data to be published.
Cloud data warehouse client files
Before you can register a database connection file (.sde) that accesses a cloud data warehouse with the ArcGIS Server site, you must ensure that the cloud data warehouse's client software is installed and, if necessary, configured on each ArcGIS Server machine in the site. Once you install the client software, you must restart the ArcGIS Server service. Also remember to update this client software when the cloud data warehouse version changes.
For information on configuring the hosting ArcGIS Server site to access cloud data warehouse data, see the following topics:
Store caches, imagery, and big data files in a cloud storage container
Cloud storage containers provide a flexible option when you need to store large data files. Because map and image caches, imagery sources, and big data files have a tendency to be large, consider storing this type of data in a cloud store that you register with the ArcGIS Server site.
Because the data is stored in a remote location, the speed and throughput of your network will affect web service performance. Also, your network administrator may have to open your company's firewall to access these containers.
Store data in a cloud storage container You can co-locate the clients you use to publish (such as ArcGIS Pro or an ArcGIS Enterprise portal) and the ArcGIS Server site in the same cloud platform and region. Otherwise, web service performance may be slower than you require.
Cloud storage containers are supported in the following circumstances:
- You precreated cache for map, tile, vector tile, scene, or image services and will reference the cloud storage location where they are stored when you create the web service or web layer.
- You create imagery layers from files in the cloud storage container.
- The data stored in the cloud storage container will be used as input to GeoAnalytics Tools.
The account you use when you register a cloud storage container must have read access to the files in the container. If you will use the cloud storage container as an output location for raster analysis tools or GeoAnalytics Tools, the account must have write access to the container.
Grant permissions to the data
When you publish services that reference registered data, the ArcGIS Server account needs at least read permissions to any data in folders that you use in your services and at least SELECT permission on any data in databases or enterprise geodatabases that you access using operating system authentication. If you publish editable feature services or geodata services (geodatabases only), the ArcGIS Server account also needs editing permissions.
If you register a folder with the ArcGIS Server site, you must explicitly give the ArcGIS Server account permissions to read from that folder.
If you register the containing database, the type of permissions you need to grant depends on what type of database you are using and what type of authentication you are using to connect.
Services published from cloud data warehouses are read-only; therefore, the credentials used to connect only require privileges to select data.
The process of granting permissions to your file-based or database data is described in the remaining sections of this topic.
- If the data is stored in a folder, or if the data is in a database that you access using operating system authentication or Microsoft Azure Active Directory authentication, you must grant the ArcGIS Server account permission to the folder or the data in the database. The ArcGIS Server account is the domain account you specified when you installed ArcGIS Server, not the primary site administrator specified when the ArcGIS Server site was created.
- If the data is stored in a database that you access using database authentication, the database user you provide when registering the database must have permissions to the data.
- If the data is in a cloud data warehouse, the credentials you use to access the data warehouse must have permissions to view the data.
Permissions for file-based data
If the data you will publish is file based—such as shapefiles, image files, file geodatabases, and mobile geodatabases—you must configure access to the folders that contain the data files.
The login account used to sign in to the client machine from which you publish and the ArcGIS Server account must have at least read access to the file. If you publish a geodata service from a file geodatabase or publish a locator, the ArcGIS Server account must have write access to the folder and file.
If the data is stored in a mobile geodatabase, the publisher's login account and the ArcGIS Server account require read access to the file. The ArcGIS Server account requires only read access to the file share, but the login account on the ArcGIS Pro machine requires write access to the file share, because ArcGIS Pro locks the mobile geodatabase when accessing, and that creates lock files in the folder.
Here are some scenarios:
- If the files reside on the ArcGIS Server machine (or one of the ArcGIS Server machines in the event that the site contains more than one), grant the ArcGIS Server account read access to the folders containing file-based source data. If publishing a geodata service from a file geodatabase, also grant write access to the ArcGIS Server account.
- If the data does not reside on the ArcGIS Server machine and you use a local Windows account as the ArcGIS Server account, you must create an identical local account (having the same username and password) on the machine that hosts the data. Next, you must grant that local account access to the folders containing the source file. As long as the local accounts on the machine with data and the ArcGIS Server machine are identical, the ArcGIS Server machine can access the data.
- If the data does not reside on the ArcGIS Server machine and you use a domain account as the ArcGIS Server account, grant the domain account required access privileges to the folders and source files.
Be aware of your operating system's security mechanisms and hierarchies. For example, if you are working from a shared directory in Windows, you must grant the ArcGIS Server account share permissions on the folder, switch to the Security tab of the folder properties, and grant NTFS (file) permissions to the ArcGIS Server account for the folder. If you do not grant both types of permissions (share and file), ArcGIS Server cannot access the resource, because the operating system gives precedence to the more restrictive of the two.
Permissions to data in a database
When you publish a service that references data in a registered database, enterprise geodatabase, or workgroup geodatabase, ensure that the account used to connect to the database has the appropriate permissions to access the database and its data. If you registered an OLE DB connection, the connecting user requires only SELECT privileges on the tables to be published.
For registered database connection files (.sde), the type of permissions you need to grant depends on what type of database you use and what type of authentication you use to connect to it.
Note:
You always access a workgroup geodatabase using operating system authentication.
Database authentication
When using database authentication, you must save the username and password with the database connection you register. This is required for your service to access the data successfully.
To publish data, the database user saved with the connection file must have SELECT permissions on the data. If you're publishing an editable feature service, the connecting database user must have the permissions required to support the type of edits you will allow in the feature service—any combination of insert, update, or delete permissions.
Operating system authentication
If you access data through operating system authentication, add the ArcGIS Server account to the database and grant it permissions to the resources that it needs to access. When the service runs, it will sign in to the database management system as the ArcGIS Server account.
The way that you add the ArcGIS Server account and grant it permissions can vary. Consult your DBMS documentation to learn how to grant access to an operating system account.
Once you add the ArcGIS Server account, you must grant it SELECT permissions on the data that you are going to publish. If you publish an editable feature service, the ArcGIS Server account must have the permissions required to support the type of edits you will allow in the feature service—any combination of insert, update, or delete permissions. If you publish a geodata service, the ArcGIS Server account must have insert, update, and delete permissions on the replicated data.
Microsoft Azure Active Directory authentication
When connecting to Microsoft Azure SQL Managed Instance or Microsoft Azure SQL Database instances that are configured to use Microsoft Azure Active Directory - Password authentication, you must save the username and password with the connection file.
The user specified in the connection file must have SELECT permissions on the data to be published. If publishing an editable feature service, the user must also have the permissions required to support the type of edits you will allow in the feature service—any combination of insert, update, or delete permissions. If you publish a geodata service, the ArcGIS Server account must have insert, update, and delete permissions on the replicated data.
Register data locations with ArcGIS Server sites
Data registration gives you the most control over how your site accesses data and helps ensure that the data is truly accessible by the web services you publish. Therefore, after you grant the ArcGIS Server account the appropriate permissions to the folders and databases that contain your data, you need to register the folders and databases with the ArcGIS Server site. To allow publishers to store map or image caches in the cloud, register the cloud storage locations with your ArcGIS Server site.
If the ArcGIS Server site is federated with an ArcGIS Enterprise portal, you can add data stores in the portal. This provides the following advantages:
- You can register a single data store with multiple federated ArcGIS Server sites at one time.
- When registered in the portal, a data store portal item is created. You can share that item with portal groups or the entire organization. When members of the group or the organization publish content in that data store from ArcGIS Server Manager or ArcGIS Pro, they don't have to separately register the data store with the federated servers you configured for the data store item.
However, if you register the data store in the ArcGIS Enterprise portal, you cannot do the following at this time:
- Configure the data store as a cache store.
- Manage the data store outside of the portal.
If you use a stand-alone ArcGIS Server site, register your data stores in ArcGIS Server Manager or ArcGIS Pro.
See the following topics for information on options to register a data store: