漏洞
The 'Update' administrative privilege allows users to edit all features, even when the 'Edit Features' and 'Edit with Full Control' privileges are disabled.
| 漏洞 ID 编号 | BUG-000150054 |
|---|---|
| 已提交 | June 16, 2022 |
| 上次修改时间 | May 16, 2025 |
| 适用范围 | ArcGIS Online |
| 找到的版本 | 10.1 |
| 操作系统 | Windows OS |
| 操作系统版本 | 10.0 |
| 修正版本 | Planned Release Date: Q2 2023 |
| 状态 | Fixed |
附加信息
This is a long-standing feature designed to work this way. The 'Update' administrative privilege (also known as portal:admin:updateItems privilege in the REST API) allows a custom role with the administrative Update power over any item in the organization. This privilege is also the one that enables user to edit and have full editing control (in Map Viewer, for example) despite the item settings. This editing change is not immediately apparent when the option in the 'Edit Role' user interface is enabled. A better documentation about this behavior, and updating the description in the 'Edit Role' user interface is under progress. These two pages in the documentation are going to be updated in the June 2023 release to clarify the expected behavior: https://docdev.arcgis.com/en/arcgis-online/administer/privileges-for-roles-orgs.htm#ESRI_SECTION1_41D9146A73474E10A94E5EBBE3A79114 and https://developers.arcgis.com/rest/users-groups-and-items/privileges.htm.重现步骤
漏洞 ID: BUG-000150054
软件:
- ArcGIS Online
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序