Getting started
This section describes how security.manager NEXT can be activated for the service SampleWorldCities and how to restrict access to an individual layer.
The service SampleWorldCities is part of each standard installation of ArcGIS Enterprise.
Preconditions
- 
The service SampleWorldCitiesis available in the root folder of your ArcGIS Server. Make sure the service is started.
- 
Public access for SampleWorldCitiesin ArcGIS Server Manager is disabled:- 
For federated ArcGIS Server: Verify the sharing settings by clicking  and make sure the value Everyone (public) is not selected, and the ArcGIS organization (the option below) is selected. and make sure the value Everyone (public) is not selected, and the ArcGIS organization (the option below) is selected.
- 
Otherwise: Verify the security settings of the service by clicking  .
Make sure that Private → Allow access to all Users who are logged in is selected. .
Make sure that Private → Allow access to all Users who are logged in is selected.
 
- 
Protect the service
- 
Open Manager UI in the Browser via https://<tomcat-host>/secman-nextand log in with an administrative account.
- 
To activate security.manager NEXT for SampleWorldCities, select the Service Manager tab.In case you are asked to select a Federated Server, select the one that hosts the SampleWorldCitiesservice.
- 
Select Root Folder and, next to SampleWorldCities, click  → Activate security.manager → Activate.
This will restart the service, and the icon changes to → Activate security.manager → Activate.
This will restart the service, and the icon changes to . .
- 
To create a new policy, click  → Edit permissions. → Edit permissions.As a policy you can use the following example: { "policies": [ { "layers": ["0"], "roles": ["enhancedSecurity_authenticated"] } ] }Alternatively you can edit the policy in a text editor, and upload it as file, or simply drag and drop it on the dialog. In section Policy Format you can learn more about the format and available policy features. 
- 
Click Save changes and restart 
Review permissions
A policy is a combination of layers, roles, and optional restrictions. Therefore, multiple permissions result from a single policy. These can be reviewed as follows.
| A service must be started in order to view its policies. | 
Authorized layers
- 
Select the Policies tab, if needed select your ArcGIS Server, and click on Root Folder → SampleWorldCities. 
- 
Select the Resources View. 
- 
Navigate to the service of interest. 
 The list of displayed services can be filtered by selecting a folder and/or using the filtering options at the top of the Folders and Services column.
- 
Check that for layer Cities - 0, one permission is indicated in the icon. 
- 
Click on Cities - 0 to review the actual permission. 
Access the service
| Administrative users always have full access. | 
- 
Open ArcGIS Server Manager. 
- 
Navigate to SampleWorldCities → Capabilities → Mapping. 
- 
Open the REST URL in the lower part of the Capabilities page in an incognito browser window. 
- 
Log in as a non-administrative user and verify that under Layers only Cities (0) is listed. 
- 
Click on ArcGIS Online Map Viewer and verify that only the Cities layer is loaded into the map.