Manage access

ArcGIS Enterprise on Kubernetes provides multiple ways for organizations to manage how their members access and interact with its content. One way is by assigning members specific privileges through custom roles that include administrative privileges, such as the ability to manage an organization's security configuration. These custom roles allow organizations to delegate administrative tasks without having to assign the default administrator role to multiple members.

Only members assigned specific administrative and Publisher role privileges will be able to access the ArcGIS Enterprise Administrator API itself. Further access to resources and operations is restricted based on the endpoints that are associated with, or required by, their role's privileges.

Privilege-based access

Members are only able to access some endpoints in the ArcGIS Enterprise Admin API based on the privileges assigned to their role. Resources and operations that are not accessible to members are inaccessible through the UI or return errors if they are accessed through URL paths.

The following table shows which administrative privileges are authorized to access the ArcGIS Enterprise Admin API that can be assigned to users:

Administrative privilege category	Privilege name
Members	Manage licenses
Groups	Links to organization-specific group
Content	Update \| Delete
Portal Settings	Security and Infrastructure \| Servers \| Organization website

In addition to the administrative privileges listed above, users assigned the Publisher default role will also be able to access the ArcGIS Enterprise Admin API.

Endpoint access

The following sections outline the access provided to each administrative privilege, as well as which endpoints are available to users assigned the Publisher role.

Organizations

Endpoint	Privileges
Organizations	Security and infrastructure \| Servers \| Manage licenses \| Links to organization-specific group
Organization	Security and infrastructure \| Servers \| Update \| Delete \| Manage licenses \| Links to organization-specific group
Security	Security and infrastructure
Users	Security and infrastructure
Create User	Security and infrastructure
Get Enterprise User	Security and infrastructure
Search Enterprise User	Security and infrastructure
Refresh Membership	Security and infrastructure
Groups	Security and infrastructure \| Links to organization-specific group
Get Users Within Enterprise Groups	Security and infrastructure \| Links to organization-specific group
Get Enterprise Groups for User	Security and infrastructure \| Links to organization-specific group
Search Enterprise Groups	Security and infrastructure \| Links to organization-specific group
Refresh Membership	Security and infrastructure \| Links to organization-specific group
Licenses	Manage licenses
Validate License	Manage licenses
Import License	Manage licenses
Update License Manager	Manage licenses
Export Geodatabase License	Manage licenses
Federation	Servers
Servers	Servers
Federate Server	Servers
Validate Servers	Servers
Server	Servers
Validate Server	Servers
Update Server	Servers
Unfederate Server	Servers
Properties	Default administrator role
Update Properties	Default administrator role

Services

Endpoint	Privileges
Services	Security and infrastructure \| Update \| Delete \| Publisher role
Create Service	Security and infrastructure \| Update \| Delete \| Publisher role
Create Folder	Security and infrastructure \| Update \| Delete \| Publisher role
Can Create Service	Security and infrastructure \| Update \| Delete \| Publisher role
Delete Services	Security and infrastructure \| Update \| Delete \| Publisher role
Service Exists	Security and infrastructure \| Update \| Delete \| Publisher role
Find Services	Note This operation has been deprecated with the release of ArcGIS Enterprise on Kubernetes 10.9.1. Security and infrastructure \| Update \| Delete \| Publisher role
Refresh Auto-Deployed Services	Security and infrastructure \| Update \| Delete \| Publisher role
Folder	Security and infrastructure \| Update \| Delete \| Publisher role
System	Security and infrastructure \| Update \| Delete \| Publisher role
Utilities	Security and infrastructure \| Update \| Delete \| Publisher role
Service	Security and infrastructure \| Update \| Delete \| Publisher role
Start Service	Security and infrastructure \| Update \| Delete \| Publisher role
Stop Service	Security and infrastructure \| Update \| Delete \| Publisher role
Edit Service	Security and infrastructure \| Update \| Delete \| Publisher role
Change Provider	Security and infrastructure \| Update \| Delete \| Publisher role
Delete Service	Security and infrastructure \| Update \| Delete \| Publisher role
Status	Security and infrastructure \| Update \| Delete \| Publisher role
Item Info	Security and infrastructure \| Update \| Delete \| Publisher role
Edit Item Info	Security and infrastructure \| Update \| Delete \| Publisher role
Upload Item Info	Security and infrastructure \| Update \| Delete \| Publisher role
Delete Item Info	Security and infrastructure \| Update \| Delete \| Publisher role
Scaling	Security and infrastructure \| Update \| Delete \| Publisher role
Edit Scaling	Security and infrastructure \| Update \| Delete \| Publisher role
Placement Policy	Security and infrastructure
Edit Placement	Security and infrastructure
Webhooks	Feature layer \| Geoprocessing \| Publisher role
Create	Feature layer \| Geoprocessing \| Publisher role
Delete All	Feature layer \| Geoprocessing \| Publisher role
Activate All	Feature layer \| Geoprocessing \| Publisher role
Deactivate All	Feature layer \| Geoprocessing \| Publisher role
Webhook	Feature layer \| Geoprocessing \| Publisher role
Edit Webhook	Feature layer \| Geoprocessing \| Publisher role
Delete Webhook	Feature layer \| Geoprocessing \| Publisher role
Notification Status	Feature layer \| Geoprocessing \| Publisher role
Jobs	Security and infrastructure \| Update \| Delete \| Publisher role
Query Jobs	Security and infrastructure \| Update \| Delete \| Publisher role
Job	Security and infrastructure \| Update \| Delete \| Publisher role
Types	Security and infrastructure \| Update \| Delete \| Publisher role
Type	Security and infrastructure \| Update \| Delete \| Publisher role
Extensions	Security and infrastructure \| Update \| Delete \| Publisher role
Providers	Security and infrastructure \| Update \| Delete \| Publisher role
Webhooks	Feature layer \| Geoprocessing \| Publisher role
Webhook Settings	Organization webhooks
Properties	Security and infrastructure \| Update \| Delete \| Publisher role
Update Properties	Security and infrastructure \| Update \| Delete \| Publisher role

Security

Endpoint	Privileges
Security	Security and infrastructure
Security Configuration	Security and infrastructure
Update Security Configuration	Security and infrastructure
Test Identity Store	Security and infrastructure
Update Identity Store	Security and infrastructure
Ingress Security Configuration	Security and infrastructure
Update Ingress Security Configuration	Security and infrastructure
SAML Security Configuration	Security and infrastructure
Update SAML Security Configuration	Security and infrastructure
Certificates	Security and infrastructure
Identity Certificates	Security and infrastructure
Import Identity Certificate	Security and infrastructure
Identity Certificate	Security and infrastructure
Delete Identity Certificate	Security and infrastructure
Trust Certificates	Security and infrastructure
Import Trust Certificate	Security and infrastructure
Trust Certificate	Security and infrastructure
Delete Trust Certificate	Security and infrastructure

Uploads

Endpoint	Privileges
Uploads	Publisher role
Upload	Publisher role
Register	Publisher role
Configure	Publisher role
Uploaded Item	Publisher role
Commit	Publisher role
Upload Part	Publisher role
Download	Publisher role
Delete	Publisher role

Data stores

Endpoint	Privileges
Data Stores	Update \| Publisher role
Register Item	Update \| Publisher role
Unregister Item	Update \| Publisher role
Validate Data Item	Update \| Publisher role
Find Items	Update \| Publisher role
Datastore Configuration	Publisher role
Datastore	Publisher role
Status	Publisher role
Reset Standby	Publisher role
Switch Role	Publisher role
Configuration	Publisher role
Edit Configuration Scaling	Publisher role

System

Endpoint	Privileges
System	Security and infrastructure \| Servers \| Manage licenses \| Organization website
Deployments	Default administrator role
Find Deployments	Note This operation has been deprecated with the release of ArcGIS Enterprise on Kubernetes 10.9.1. Security and infrastructure
Deployment Default Properties	Default administrator role
Property Template	Default administrator role
Edit Property Template	Default administrator role
Deployment	Default administrator role
Edit Deployment	Default administrator role
Refresh Deployment	Default administrator role
Deployment Status	Default administrator role
Volumes	Security and infrastructure
Create Volumes	Security and infrastructure
Volume Configurations	Security and infrastructure
Create Volume Configurations	Security and infrastructure
Container Registries	Default administrator role
Container Registry	Default administrator role
Edit Container Registry	Default administrator role
Upgrades	Security and infrastructure \| Servers
Check Available Updates	Security and infrastructure \| Servers
Upgrade	Security and infrastructure \| Servers
Check Installed Updates	Security and infrastructure \| Servers
Check Rollback Options	Security and infrastructure \| Servers
Rollback	Security and infrastructure \| Servers
Import Version Manifest	Security and infrastructure \| Servers
Get Upgrade Settings	Security and infrastructure \| Servers
Current Version	Security and infrastructure \| Servers
History	Security and infrastructure \| Servers
Exports	Security and infrastructure \| Servers
Export	Security and infrastructure \| Servers
Configurations	Security and infrastructure \| Servers
Update Configurations	Security and infrastructure \| Servers
Disaster Recovery	Security and infrastructure
Get Status	Security and infrastructure
Stores	Security and infrastructure
Register Backup Store	Security and infrastructure
Backup Store	Security and infrastructure
Unregister Backup Store	Security and infrastructure
Update Backup Store	Security and infrastructure
Validate Backup Store	Security and infrastructure
Backups	Security and infrastructure
Create Backup	Security and infrastructure
Backup	Security and infrastructure
Delete Backup	Security and infrastructure
Restore Backup	Security and infrastructure
Update Backup	Security and infrastructure
Backup and Restore	Note This operation has been deprecated with the release of ArcGIS Enterprise on Kubernetes 10.9.1. Security and infrastructure
Disaster Recovery Settings	Security and infrastructure
Update Disaster Recovery Settings	Security and infrastructure
Indexer	Default administrator role
Index Status	Default administrator role
Reindex	Default administrator role
Properties	Security and infrastructure \| Servers
Update Properties	Security and infrastructure
Web Adaptors	Security and infrastructure
Web Adaptor Configuration	Security and infrastructure
Update Web Adaptor Configuration	Security and infrastructure
Web Adaptor	Security and infrastructure
Unregister Web Adaptor	Security and infrastructure
Licenses	Note This operation has been deprecated with the release of ArcGIS Enterprise on Kubernetes 11.0. Manage licenses
Import Server Licenses	Note This operation has been deprecated with the release of ArcGIS Enterprise on Kubernetes 11.0. Manage licenses
Content	Organization website
Languages	Organization website
Add Languages	Organization website
Remove Languages	Organization website
External Content	Organization website
Updated External Content	Organization website
Tasks	Default administrator role
Create Task	Default administrator role
Task	Default administrator role
Edit Task	Default administrator role
Delete Task	Default administrator role
Enable Task	Default administrator role
Disable Task	Default administrator role
Runs	Default administrator role
Run	Default administrator role
Edit Run	Default administrator role
Delete Run	Default administrator role
Architecture Profiles	Servers
Development	Servers
Standard Availability	Servers
Enhanced Availability	Servers
Enterprise Functions	Security and infrastructure
Add Enterprise Functions	Security and infrastructure
Remove Enterprise Functions	Security and infrastructure

Logs

Endpoint	Privileges
Logs	Security and infrastructure \| Servers \| Delete \| Manage licenses \| Links to organization-specific group \| Publisher role
Clean	Security and infrastructure \| Servers \| Delete \| Link to organization-specific group
Export	Security and infrastructure \| Servers \| Delete \| Manage licenses \| Links to organization-specific group \| Publisher role
Query	Security and infrastructure \| Servers \| Delete \| Manage licenses \| Links to organization-specific group \| Publisher role
Search	Security and infrastructure \| Servers \| Delete \| Manage licenses \| Links to organization-specific group \| Publisher role
Settings	Security and infrastructure \| Servers \| Delete \| Manage licenses \| Links to organization-specific group \| Publisher role
Edit Settings	Security and infrastructure \| Servers \| Delete \| Links to organization-specific group
Update Log Index	Security and infrastructure \| Servers \| Delete \| Links to organization-specific group

Overview

Endpoint	Privileges
Overview	Security and infrastructure
Overview Config	Security and infrastructure
Update Overview Config	Security and infrastructure

Mode

Endpoint	Privileges
Mode	Security and infrastructure
Update Mode	Security and infrastructure

Usage statistics

Endpoint	Privileges
Usage Statistics	Default administrator role
Update Credentials	Default administrator role

Jobs

Endpoint	Privileges
Jobs	Security and infrastructure \| Update \| Delete \| Publisher role
Job	Security and infrastructure \| Update \| Delete \| Publisher role

Health Check

Endpoint	Privileges
Health Check	Security and infrastructure
Run Health Check	Security and infrastructure
Suites	Security and infrastructure
Suite	Security and infrastructure
Reports	Security and infrastructure
Query Reports	Security and infrastructure
Delete Reports	Security and infrastructure
Export Reports	Security and infrastructure
Report	Security and infrastructure
Rename	Security and infrastructure

Cloud

Endpoint	Privileges
Cloud	Default administrator role
Providers	Default administrator role
Provider	Default administrator role
Update Provider Credentials	Default administrator role
Services	Default administrator role
Service	Default administrator role
Add Service Credentials	Default administrator role