HOW TO
When attempting to restrict privileges of multiple servers federated with a single Portal, there are some circumstances where an administrator would like to only allow users the ability to publish to, or administer, a specific server. There is an additional ArcGIS Server site role that was added in version 10.4 to allow for this fine-grained control of permissions.
Hypothetically, say we are looking to deploy an ArcGIS Enterprise stack for a company. We would like for each department to have their own ArcGIS Server to control to avoid resource contention, and make it easier for individual departments to manage their own content/services, while still allowing for a single management console and collaboration between departments.
While it is possible to set up a collaboration between multiple Portals, this increases the administrative overhead and increases the complexity of managing the organization’s content across multiple Portals.
The fine-grained access control setting in Portal allows for Portal groups to control permissions in terms of which users can publish to a specific federated server, as well as who can administer a federated server.
Once an ArcGIS Server site is federated with Portal:
This action updates the role on the Server site simultaneously and creates two groups within Portal, as well as two identically-named items:
Users that are either members of one of the two groups, or members of a group that one of the items has been shared with, can successfully access the Server Manager endpoint using their Portal for ArcGIS logins. They can also connect directly to the Server via ArcGIS Desktop over the web adaptor address (also known as the services URL) for publishing and/or administration, providing that administrative access over the web adaptor is enabled.
Article ID: 000022131
Get help from ArcGIS experts
Download the Esri Support App