Assign Privilege

URL:: https://<root>/security/roles/assignPrivilege
Methods:: POST
Version Introduced:: 10.1

Access requirements

Required privileges

The Sever Administrator API requires privilege-based access. An administrator must be assigned a specific user privilege, or role, to access any given endpoint. Listed below are the user privileges or roles an administrator can be assigned that provides access to this endpoint. If multiple privileges are listed, only one needs to be assigned to gain access.

Update Delete Security and infrastructure Servers

Note that administrators assigned a custom role must also have the administrative View all content privilege assigned to them to access the API directory as an administrator.

Tokens

This API requires token-based authentication. A token is automatically generated for administrators who sign in to the Server Administrator API directory's HTML interface. Tokens generated in this way are stored for the entirety of the session.

Those accessing the API directory outside of the HTML interface will need to acquire a session token from the generateToken operation in the Portal Directory API. For security reasons, all POST requests made to the Server Administrator API must include a token in the request body.

Learn how to generate a token

Description

The assignPrivilege operation assigns a privilege to a role.

Administrative access to ArcGIS Server is modeled as three broad tiers of privileges:

ADMINISTER—A role that possesses this privilege has unrestricted administrative access to ArcGIS Server.
PUBLISH—A role that possesses this privilege can only publish GIS services to ArcGIS Server.
ACCESS—No administrative access. A role with this privilege can only be granted permission to access one or more GIS services.

By assigning these privileges to one or more roles in the role store, the ArcGIS Server security model supports role-based access control to its administrative functionality. These privilege assignments are stored independent of the ArcGIS Server role store. As a result, you don't need to update your enterprise identity stores (like Active Directory).

Request parameters

Parameter Details

Parameter	Details
`rolename`	The name of the role. Example Use dark colors for code blocksCopy `1 rolename=editors`
`privilege`	The capability to assign to the role. The default capability is `ACCESS`. Values: `ADMINISTER` \| `PUBLISH` \| `ACCESS`
`f`	The response format. The default response format is `html`. Values: `html` \| `json` \| `pjson`

rolename

The name of the role.

Example
Use dark colors for code blocksCopy
rolename=editors

privilege

The capability to assign to the role. The default capability is ACCESS.

Values: ADMINISTER | PUBLISH | ACCESS

f

The response format. The default response format is html.

Values: html | json | pjson

Example usage

The following is a sample POST request for the assignPrivilege operation:

Use dark colors for code blocksCopy
POST /<context>/admin/security/roles/assignPrivilege HTTP/1.1
Host: organization.example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

rolename=editors&privilege=ADMINISTER&f=pjson

JSON Response example

Use dark colors for code blocksCopy
{"status": "success"}