FAQ: Can read-only (viewer) ArcGIS users be prevented from creating new geodatabase domains?
Can read-only (viewer) ArcGIS users be prevented from creating new geodatabase domains?
When sdesetupxx creates the geodatabase tables, it grants all privileges (SELECT, INSERT, UPDATE and DELETE) on the GDB tables to PUBLIC. This means a viewer user can insert new domains into the SDE.GDB_DOMAINS table. The user cannot alter or remove domains owned by other users.
To prevent users from creating new domains, the database administrator can alter the privileges on the SDE.DOMAINS table, revoking all privileges from PUBLIC, and granting SELECT, INSERT, UPDATE, and DELETE privileges only to selected users. The administrator should grant access to the SDE.DOMAINS table to all data owners, that is, to users who manage the database schema.