ERROR
While making edits on a feature class with a domain user that is part of multiple Active Directory groups, the following error is returned:
Failed to create features. Insufficient permissions
Active Directory authentication enables domain-joined clients on either Windows or Linux to authenticate to SQL Server using their domain credentials.
Active Directory authentication has the following advantages over SQL Server authentication:
Because of all these advantages, the organization creates multiple Active Directory groups where the domain credentials of each individual member could be added in multiple Active Directory groups.
When multiple Active Directory groups are user-mapped with a SQL Server enterprise geodatabase, along with the stand-alone login of domain users which are user-mapped with SQL Server enterprise geodatabase, there is a possibility that all Active Directory groups and standalone log-ins would be assigned with different set of permissions on the geodatabase.
If there is a domain user that is part of multiple Active Directory groups, then the domain account would be assigned with a different set of permissions on the geodatabase.
As the same domain user is added to multiple Active Directory groups, and as each Active Directory group is being assigned with different set of permissions, along with the stand-alone log-ins of domain users, ArcGIS Pro or ArcMap cannot determine from which Active Directory group / domain user the permissions should be inherited.
The best solution for this problem is to make sure that one domain user is not a part of multiple Active Directory groups and the stand-alone logins of domain users are not added to active directory groups.
Get help from ArcGIS experts
Download the Esri Support App