When you publish a service in ArcGIS Server, all of the users get to see all of the layers and fields that are published in that service. While there is a little bit of control over which fields are editable, all the users see the same set of editable fields and permissions.
Now, with Geocortex Access Control, you have the ability to fine-tune who can see and edit which specific fields.
In this Geocortex Tech Tip, we’ll show you how you can set different user group permissions in fields in Geocortex Access Control.
“Hi, my name is Ryan Cooney. Today, I’m going to show you how you can set different user group permission on fields in Geocortex Access Control. Let’s have a look!
When you publish a service in ArcGIS Server, all of the users get to see all of the layers and fields that are published in that service. While there is a little bit of control over which fields are editable, all the users see the same set of editable fields, so you don’t have much granularity.
Now, with Geocortex Access Control, we’re going to be able to fine-tune who can see and edit which specific fields.
For my data today, I’ll be using a hosted feature service that’s editable. Here, I’ve got the service published and I’m going to take a quick look at what the data is. It’s just these points and if I select one, we can see that there’s a whole pile of fields here and that if I click edit in this map viewer, it’s editable. I’ve got a form and I’m able to take ahead of these.
So, let’s maybe just use this field this ‘ODOT District’ field. If I want to fine-tune who can see what with this let’s have a look and see how that’s done.
I’m going to go to Geocortex Access Control and I’m going to find that same service. So, this service is in the hosted folder here, so if I go into my ArcGIS Server hosted, I can find that service and I can find the layer that it’s part of, and I can go to the list of fields.
So, I’ve got the same list of fields that are available here, and we going to fine-tune the ODOT District field. So, if I select that I can just begin adding permissions.
First, I’m going to add by group and I’m going to start with the most general group that exists. This is the ‘All Users’ group so this everybody; an anonymous user, authenticated users – doesn’t matter what group you’re part of.
I can do something really simple here just deny it. So, if I save and then go back to my application, I was going to hit F5 to reload and now we’ll see what we have and there we go the ODOT district field, which was between these two is now gone.
So, all right very simple. I can deny a specific field, but a lot of power comes when you start combining permissions. By default I’m going to deny access to this, but what if I want to grant access to some people? What I can do is I can add another permission. I’m going to take the county staff group and I’m going to say that well they’re able to see it, but they’re not able to edit it.
Now, my current user that I’m signed in is a member of that group. Now, if I refresh this page and load it, I should be able to see that in a read-only view. There I can see the field is back, but when I select ‘Edit’ might be a little difficult to see but this is a read-only box now. So, the application is respecting that is read-only and by the way not only is the application disrespecting it, but if someone were to go direct to the ArcGIS Rest Endpoints and try and submit an edit on this, it’s protected behind the scenes as well.
I’m able to override the general ‘All Users’ group with a more specific group and we can even go further.
If I create a new one, I’m going to create about as specific a permission as you can. I’m going to define a permission that’s right on a user. I’m going to select the ‘Geocortex Demo’ user. That’s the user I’m actually signed in as right now, and I’m going to say that this user is now able to edit.
I’m going to go back to my application and refresh. I can see the field and when I put it into edit mode, I’m now able to edit. So, there we’ve got it! We now are able to define permissions of increasing specificity to tune who is able to see and do what with an individual field.
Now, you can apply similar permissions to other fields to be able to get exactly the right data in the hands of the right people.
There are a couple of things I want to point out as well.
You can see there’s a grayed-out field right here that I can’t set permissions on. This field ‘nlfid’ happens to be the primary display field of the layer. That’s used in a bunch of places and there isn’t really a suitable alternative here to secure it out of existence. So, we don’t allow you to secure that one.
Similarly, GlobalID and OBJECTID fields cannot be removed. Basically, they’re required for virtually all client applications that are going to do anything useful with your data. They rely on these fields and if we if you were to remove them, those applications would begin to fail. So, we just prevent you from securing those.
All right so there you have it! we are able to fine-tune exactly the fields and field capabilities that you want to expose in your applications to different end-users.
Hopefully, this can help you make the best user experience for your end-users and keep your data secure!’
Want to learn more about what Geocortex Access Control has to offer? Click the button below for additional product information, or to schedule a demo.