Manage roles in Manager—ArcGIS Server | Documentation for ArcGIS Enterprise
Skip To Content

Manage roles in Manager

The Security module in ArcGIS Server Manager contains a Roles page. If you have a stand-alone ArcGIS Server site, you can use this page to view and manage your site's roles, which define a set of permissions granted to the users designated with that role.

The features available on this page vary depending on where your roles are managed. If roles are in the ArcGIS Server built-in store, you can add, modify, and delete roles in Manager. If you have configured web-tier authentication and manage roles from an external identity provider, you can only view the list of roles and search for roles. You cannot add new roles, delete roles, or modify a role's properties in Manager.

Note:

If you have configured web-tier authentication, you must manage users from your external identity store, but you can choose to manage roles either from the external identity store or from the built-in store. You can change this in the Configuration Settings on the Security > Settings page in Manager.

If your server site is federated with an ArcGIS Enterprise portal, the users list in ArcGIS Server Manager will be grayed out. Log in to the portal as an administrator to manage users.

Learn more about the security models available in ArcGIS Server

View roles

To view the roles in your identity store, follow the steps below.

  1. Log in to Manager as the primary site administrator or a user with administrative access.
  2. Click Security > Roles.

Manager only displays the first 1,000 roles in your identity store. However, Manager offers a Search tool that you can use to locate and view the properties of a role. This is especially convenient when your identity store contains a large number of roles. To find a role using the Search tool, see the next section in this topic.

Note:

On the Roles page, only roles belonging to the same domain as the ArcGIS Server site are displayed. To view roles belonging to other domains, you'll need to use the Search tool.

Add roles

You can add a new role to the built-in Identity store in ArcGIS Server Manager by following the steps below.

  1. Log in to Manager as the primary site administrator or a user with administrative access.
  2. Click Security > Roles.
  3. Click New Role. This displays a dialog box to add a new role. On this dialog box, provide the following information:
    • Role name: This is a required parameter and must be set to a unique value that easily identifies the role.
    • Description: A brief description of the role.
    • Role Type: Choose one of the available role types:
      • Administrator: The Administrator role type is given unrestricted access to ArcGIS Server administrative components and functions. Members of a role with the role type set to Administrator can log in to ArcGIS Server Manager, the Services Directory, and the Administrator Directory with access to all features and functionality. They can add or remove machines from the site, configure security, and so forth. This role type should be restricted to roles that perform ArcGIS Server site administration.
      • Publisher: The Publisher role type is given limited access to ArcGIS Server administrative components and functions. Members of a role with the role type set to Publisher can log in to ArcGIS Server Manager and the Administrator Directory with access to only the service and log management features. They can publish new services, manage existing services, and generate map caches. They cannot configure or change ArcGIS Server security options but can manage permissions for services. This role type should be restricted to roles that publish and manage ArcGIS web services.
      • User: The User role type is restricted from accessing ArcGIS Server administrative components and functions. Members of a role with the role type set to User cannot access ArcGIS Server Manager or the Administrator Directory. They can only use or access a service, provided that permission has been granted to their user accounts to access it. This role type should be for users who will consume GIS web services through the ArcGIS web APIs. Each role is set to type User by default.
      Note:

      If a role's type is set to either Administrator or Publisher, that role automatically gets implicit access permission to all services published to the ArcGIS Server site. This implicit permission cannot be overridden by changing the permissions on a service or folder.

  4. To add users as members to this role, click the Add User button Add User next to a user in the Available users list. You need to have one or more users previously defined to do this. If there are currently no users in the identity store, you can modify the role later to add members. To add users to the identity store, see Manage users in Manager.

Search for a role

To search for a role in Manager, follow the steps below.

  1. Log in to Manager as the primary site administrator or a user with administrative access.
  2. Click Security > Roles.
  3. Provide the name of the role on the Find Role dialog box.
    Note:

    If you're using an external identity store, you can also type the first few characters of the role name or use the asterisk (*) character to replace one or more characters in the role name. For example, to locate a role named ArcGIS Administrators, you can use the search string *Administrators or ArcGIS*.

    Note:

    The search string [role name] only locates roles belonging to the same domain as the ArcGIS Server site. To locate a specific role in a different domain, use the search string [domain]\[role name]. To list all of the roles in a different domain, use the search string [domain]\.

  4. Click the Search button Search to view the results of your query.

Modify a role

You can modify a role's properties in ArcGIS Server Manager by following the steps below.

  1. Locate the role you want to modify and click the Edit button Edit corresponding to that role. This opens a dialog box that allows you to edit the role description, role type, and role members.
    Note:

    You cannot modify the name of a role.

  2. Click the Add User button Add User to add users from the Available users list. Click the Delete button Delete next to the user name to remove users from the Role members list.
  3. Click Save to apply your changes or Cancel to abandon the changes and return to the Roles page.

Delete a role

You can delete a role in Manager by following the steps below.

Note:

If your roles are stored in an organization-specific identity provider, such as LDAP or Active Directory, you will need to use that product's user management tool to delete roles.

  1. Log in to Manager as the primary site administrator or a user with administrative access.
  2. Click Security > Roles.
  3. Click the Delete button Delete corresponding to that role.
  4. Click Yes when prompted to confirm that you want to delete the role.