Create a basic policy

In this tutorial, you will learn how to create a policy and grant access to the Cities (0) layer for authenticated users.

This tutorial was tested for ArcGIS Enterprise 11.5 in December, 2025.

Prerequisites

Check the preconditions for this tutorial:

  • security.manager NEXT is installed.

  • You have access to two user accounts:

    • An administrative user account to administer security.manager and Portal.

    • A non-administrative user account to test the access.

  • You can use the service SampleWorldCities for this tutorial, so you can restrict access to the service.

  • security.manager NEXT is activated for the SampleWorldCities service that is shared for the organization, as described in the tutorial Activate security.manager.

Create a policy

Create a policy for SampleWorldCities in the security.manager NEXT Admin UI.

  1. Go to the service SampleWorldCities in the Service Manager pane.

  2. Click on three dot menu behind the service name and select Edit permissions to open the empty editor.

  3. Add a policy template to the editor.

    While editing a policy, press Ctrl+Space to display available examples, descriptions, and code snippets.

    1. Add {} to the empty editor.

    2. Inside the curly braces, add a policies object.

    3. Use the code snippets to add a policy template {"layers….

    You now have created a policy template that needs to be parameterized.

    {
    "policies": [{
        "layers": [
            ""
        ],
        "roles": []
    }]
}

  4. To apply the policy to layer 0, replace the empty string in layers with 0.

  5. To apply the policy to all authenticated users, add the predefined role enhancedSecurity_authenticated to the roles array.

    The basic policy should look like this:

    {
    "policies": [{
        "layers": [
            "0"
        ],
        "roles": ["enhancedSecurity_authenticated"]
    }]
}

  6. Click Save changes and restart to save the permissions.
    If the policy contains a syntax error, this button will be disabled to ensure that only valid configurations can be saved.

Authenticated users can now access the Cities (0) layer. Access for anonymous users remains unchanged, as it is restricted by the organizational sharing level in ArcGIS Portal. Administrator access is also unaffected, since it cannot be restricted using security.manager NEXT.

Verify configuration

To verify the previous configuration, open the service as a non-admin user in the ArcGIS Online Web Viewer.

  1. Open the service metadata of the SampleWorldCities service as non-admin user.
    You will see only the Cities (0) layer in the Layers section.

  2. Click on ArcGIS Online Web Viewer in the View In: section.
    You will see all features of the Cities (0) layer but no features of the other layers.

Summary

In this tutorial, you created a policy allowing authenticated users access to the Cities (0) layer. For further details, refer to Policies in the reference.

In the tutorial Feature restriction you will learn how to restrict the access to features based on their attributes.