Getting started

This section describes how security.manager NEXT can be activated for the service SampleWorldCities and how to restrict access to an individual layer. The service SampleWorldCities is part of each standard installation of ArcGIS Enterprise.

Preconditions

  • The service SampleWorldCities is available in the root folder of your ArcGIS Server. Make sure the service is started.

  • Public access for SampleWorldCities in ArcGIS Server Manager is disabled:

    • For federated ArcGIS Server: Verify the sharing settings by clicking Sharing Properties and make sure the value Everyone (public) is not selected, and the ArcGIS organization (the option below) is selected.

    • Otherwise: Verify the security settings of the service by clicking the security settings button. Make sure that Private > Allow access to all Users who are logged in is selected.

Protect the service

  1. Open the Manager UI in the browser at https://<tomcat-host>/secman-next and log in with an administrative account.

  2. To activate security.manager NEXT for SampleWorldCities, select the Service Manager tab.

    In case you are asked to select a Federated Server, select the one that hosts the SampleWorldCities service.

  3. Select Root Folder and, next to SampleWorldCities, click the service menu > Activate security.manager > Activate. This will restart the service, and the icon changes to show that security.manager is activated.

  4. To create a new policy, click the service menu > Edit permissions.

    As a policy you can use the following example:

    {
        "policies": [
            {
                "layers": ["0"],
                "roles": ["enhancedSecurity_authenticated"]
            }
        ]
    }

    Alternatively, you can edit the policy in a text editor and upload it as a file, or simply drag and drop it onto the dialog. The section Policy Format describes the format and the available policy features.

  5. Click Save changes and restart.

Review permissions

A policy is a combination of layers, roles, and optional restrictions. Therefore, multiple permissions result from a single policy. These can be reviewed as follows.

A service must be started in order to view its policies.

Authorized layers

  1. Select the Policies tab, if needed select your ArcGIS Server, and click on Root Folder > SampleWorldCities.

  2. Select the Resources View.

  3. Navigate to the service of interest.
    The list of displayed services can be filtered by selecting a folder and/or using the filtering options at the top of the Folders and Services column.

  4. Check that for layer Cities - 0, one permission is indicated in the icon.

  5. Click on Cities - 0 to review the actual permission.

Authorized groups

  1. Switch to the Groups View and select Authenticated Users > Root Folder > SampleWorldCities.

  2. Review the actual permission and verify that only the layer Cities - 0 is permitted.

Access the service

Administrative users always have full access.

  1. Open ArcGIS Server Manager.

  2. Navigate to SampleWorldCities > Capabilities > Mapping.

  3. Open the REST URL in the lower part of the Capabilities page in an incognito browser window.

  4. Log in as a non-administrative user and verify that under Layers only Cities (0) is listed.

  5. Click on ArcGIS Online Map Viewer and verify that only the Cities layer is loaded into the map.
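
The layer check from step 4 can also be scripted. The following is an added example, not part of the original documentation or the product: it compares the layers a service description lists against what the example policy grants. The function names and the sample responses are constructed, and it assumes that a layer is visible only when a policy names it together with one of the user's roles.

```python
import json

# Policy from the "Protect the service" step on this page.
POLICY = json.loads("""
{
    "policies": [
        {"layers": ["0"], "roles": ["enhancedSecurity_authenticated"]}
    ]
}
""")

# Constructed sample responses in the shape of an ArcGIS REST map service
# description (f=json); only "id" and "name" of each layer are used.
UNPROTECTED = {"layers": [{"id": 0, "name": "Cities"},
                          {"id": 1, "name": "Continent"},
                          {"id": 2, "name": "World"}]}
PROTECTED = {"layers": [{"id": 0, "name": "Cities"}]}


def permitted_layers(policy, user_roles):
    """Layer ids granted to a user holding any of user_roles.

    Assumption: a layer is visible only if some policy names it together
    with one of the user's roles; everything else is denied.
    """
    granted = set()
    for entry in policy.get("policies", []):
        if set(entry.get("roles", [])) & set(user_roles):
            granted.update(str(layer) for layer in entry.get("layers", []))
    return granted


def check_exposure(policy, user_roles, service_description):
    """Compare layers the service lists against what the policy grants."""
    expected = permitted_layers(policy, user_roles)
    listed = {str(l["id"]) for l in service_description.get("layers", [])}
    return {
        "unexpected": sorted(listed - expected),  # exposed but not granted
        "missing": sorted(expected - listed),     # granted but not listed
        "ok": listed == expected,
    }


if __name__ == "__main__":
    roles = ["enhancedSecurity_authenticated"]
    for label, doc in (("protected", PROTECTED), ("unprotected", UNPROTECTED)):
        print(label, check_exposure(POLICY, roles, doc))
```

Pass it the JSON that the non-administrative user receives from the service's REST URL; any entry under "unexpected" is a layer that is listed although the policy does not grant it.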