ArcGIS Enterprise provides multiple ways for organizations to manage how their members access and interact with the portal and its content. One way to manage member access is by creating custom roles, which provides fine-grained control over the privilegs that are granted to organization members. Privileges determine which tasks and workflows a member can perform within an organization. For example, a user assigned a custom role with the administrative privlege to create geoprocessing webhooks can create and manage webhooks for geoprocessing services, whereas a user assigned a custom role with the administrative privilege to manange the organization's security can set the security policies and manage SSL certificates.
Access to the Server Administrator API is also dependent on the privilegse a member is assigned. Access to the API is restrictied to a select number of privileges. When one of these privileges are included in a role assigned to an organization member, that member can access the API endpoints associated with, or required by, their role's privileges. All other endpoints are inaccessible.
The table below shows which administrative privileges are authorized to access the Server Administrator API:
Administrative privileges
| Privilege category | Privileges |
|---|---|
General Content | Register data stores |
General Webhooks | Feature layer |
Administrative Content |
|
Portal Settings |
|
Administrative Webhooks | Geoprocessing |
In addition to the privileges listed above, users assigned the default Publisher role can also access specific endpoints in the Server Administrator API.
Privilege access
The following sections provide a high-level summary of each privilege that provides access to the API directory. The summaries for each privilege list both the front-end and back-end workflows that administrators have access to.
Register data stores
Administrators assigned the Register data stores privilege can add data store items to the portal. For the Server Administrator API, administrators assigned this privilege can access log-related endpoints, such as Query and Settings, as well view resources that return a high-level overview of the server's information and configuration, such as Info and Mode.
Feature layer
Administrators assigned the Feature layer privilege can create, edit, and delete their own feature layer webhooks. For the Server Administrator API, administrators assigned this privilege can access endpoints related to feature layer and geoprocessing webhooks, such as Create and Notification Status. These administrators can also access log-related endpoints, such as Query and Settings, as well view resources that return a high-level overview of the server's information and configuration, such as Info and Mode.
Update
Administrators assigned the Update privilege can update and categorize content owned by all organization members, and edit data in all hosted feature layers and hosted feature layer views. For the Server Administrator API, administrators assigned this privilege can access log-related endpoints, such as Query and Settings, as well view resources that return a high-level overview of the server's information and configuration, such as Info and Mode.
Delete
Administrators assigned the Delete privilege can delete content owned by any organization member. For the Server Administrator API, administrators assigned this privilege can access log-related endpoints, such as Query and Settings, as well view resources that return a high-level overview of the server's information and configuration, such as Info and Mode.
Security and infrastructure
Administrators assigned the Security and infrastructure privilege can configure the portal's security settings, such as managing the user types and add-on licenses assigned by default to new members and configuring security policies. For the Server Administrator API, administrators assigned this privilege can access most API endpoints. This includes endpoints related to managing server machines, such as Register and Rename, and endpoitns used to manage the server's security configuration, such as Update. These administrators can also access log-related endpoints, such as Query and Settings, as well view resources that return a high-level overview of the server's information and configuration, such as Info and Mode.
Servers
Administrators assigned the Servers privilege can manage the server's settings, as well as configure the federated servers sites for the organization. For the Server Administrator API, administrators assigned this privilege can access any endpoints related to managing the server, such as Update. These administrators can also access log-related endpoints, such as Query and Settings, as well view resources that return a high-level overview of the server's information and configuration, such as Info and Mode.
Organization webhooks
Administrators assigned the Organization webhooks privilege can manage all webhooks configured for the organization, including service webhooks. For the Server Administrator API, administrators assigned this privilege can access the Settings endpoint. These administrators can also access log-related endpoints, such as Query and Settings, as well view resources that return a high-level overview of the server's information and configuration, such as Info and Mode.
Geoprocessing
Administrators assigned the Geoprocessing privilege can create, edit, and delete geoprocessing webhoosk. For the Server Administrator API, administrators assigned this privilege can access endpoints related to feature layer and geoprocessing webhooks, such as Create and Notification Status. These administrators can also access log-related endpoints, such as Query and Settings, as well view resources that return a high-level overview of the server's information and configuration, such as Info and Mode.