Feature restriction

In this tutorial, you will learn how to restrict the access to a subset of features based on their attributes. You will restrict the access to the Cities (0) layer to only those cities with a minimal population of 1,000,000.

This tutorial was tested for ArcGIS Enterprise 11.5 in December, 2025.

Prerequisites

Check the preconditions for this tutorial:

  • security.manager NEXT is installed.

  • You have access to two user accounts:

    • An administrative user account to administer security.manager and Portal.

    • A non-administrative user account to test the access.

  • You can use the service SampleWorldCities for this tutorial, so you can restrict access to the service.

This tutorial is based on the Create a basic policy tutorial, in which you allowed authenticated users to access the Cities (0) layer of the SampleWorldCities service. The service is shared with the organization. If you are already familiar with these steps, you can complete this tutorial independently; however, keep in mind that your policy file might look different.

Add a feature restriction

The easiest way to add feature restriction is to add a template first and then adjust it. You can add templates by pressing Ctrl+Space. This function displays available examples, descriptions, and code snippets.

Add a template

First, add a feature restriction template to the existing policy.

  1. Open the permissions editor in the security.manager NEXT Manager UI.

    You should now see the permission created in the previous tutorial.

    {
    "policies": [{
        "layers": [
            "0"
        ],
        "roles": ["enhancedSecurity_authenticated"]
    }]
}

  2. Add a new line in front of policies at the top.

  3. Add a restrictions object by using the code snippets.

  4. Add a new line inside the curly braces and enter "population": to create a new restriction called population.

  5. After entering the colon, a list of restriction types appears. Select Feature restriction.
    If no list is displayed use Ctrl+Space to open it manually.

Now you have created a skeleton for a feature restriction.

{
    "restrictions": {
        "population":{ (1)
            "type": "feature", (2)
            "query": "" (3)
        }
    },
    "policies": [{
        "layers": [
            "0"
        ],
        "roles": ["enhancedSecurity_authenticated"]
    }]
}
1 The restriction is called population.
2 The type of the restriction is feature.
3 There is no condition for the query element.

Adjust the restriction

Adjust the template to filter features with a population of 1,000,000 or more.

When you assign a condition to a policy, security.manager applies this restriction to all incoming requests. As a result, only features that match the condition are accessible.

  1. Define a condition for the query element by entering pop >= 1000000.

  2. Add a comma and a new line after the roles element.

  3. Add a restrictions array.

  4. Inside this array, add population as the restriction name. This assigns the restriction to the already created policy.

    The policy with the feature restriction should now look like this:

    {
    "restrictions": {
        "population":{
            "type": "feature",
            "query": "pop >= 1000000"
        }
    },
    "policies": [{
        "layers": [
            "0"
        ],
        "roles": ["enhancedSecurity_authenticated"],
        "restrictions": ["population"]
    }]
}

  5. Click on Save changes and restart.

You modified the policy so that, in addition to restricting access to layer 0, only cities with a population of 1 million or more are displayed.

Verify configuration

To verify the previous configuration, open the service as a non-admin user in the ArcGIS Online Web Viewer.

  1. Open the service metadata of the SampleWorldCities service as non-admin user.
    You will see only the Cities (0) layer in the Layers section.

  2. Click on ArcGIS Online Web Viewer in the View In: section.
    You will see only those features with a population of at least 1 million.

Summary

In this tutorial, you learned how to restrict access to features of a layer based on a query. You added a restriction to allow authenticated users access to features with a minimum population of 1 million of the Cities (0) layer.

For further details, refer to Feature restriction in the reference.

In the tutorial Spatial restriction you will learn how to restrict the access to features based on their location.