SSP has written several posts related to ArcGIS Online security.  I have linked them below.  I wanted to contribute to our team’s work by starting at basic roles and their assignments.  I also wanted to touch on the creation of custom roles.  In a couple of weeks, I hope to publish a “B-Side” to this post related to ArcGIS Online groups.

There are three basic core roles within ArcGIS Online which are not editable in terms of their privileges that each contain:

• User – Ability to utilize/view the organization’s shared maps and layers.  Can also create/share maps and create/join groups.
• Publisher – Privileges of the User.  Can also publish maps and features.
• Administrator – Privileges of both the User and Publisher.  Can manage the organization, including the privileges of other users.  There must be at least one Administrator in an organization, and there can be multiple members assigned to this role.

An initial role is assigned for each user when added/invited to the ArcGIS Online Organization/Account by following the procedures below.

• Logging into ArcGIS Online as an Administrator, click the “MY ORGANIZATION” option and then the “INVITE MEMBERS” option (Figure 1).

• We are presented with an option for the method of addition (Figure 2).  I have selected the “Send invitations to preestablished user names”.

• We now enter the information choosing the “One at a time” tab in Step 2 of 3 (Figure 3).  Note that there is also a way to add members from a CSV file with the header format of Email, First Name, Last Name, Username, Role.

• Once we have entered the information we can either “INVITE ANOTHER” or “REVIEW INVITATION(S)”.  I am choosing “REVIEW INVITATION(S)” (Figure 3).
• In Step 3 of 3, verify the supplied information (Figure 4) and click the “SEND INVITATIONS” button.

• Coach Stoops will now get an email with a link to complete the process (Figure 5).

• Coach Stoops now shows up in the list of current members of the organization (Figure 6).  His initial role of “User” can be modified anytime.  Note that I have obscured other users for security reasons.

CUSTOM ROLES

As stated previously, there is no way to modify the core privileges.  ArcGIS Online does have the ability to create a custom role(s) in the event an organization wishes to restrict/add privileges further.   For example, a custom role(s) should be considered if this small sample of privileges is concerning for the User role:

• Creation of Groups
• Sharing of Maps (Including the Public)
• Feature Editing

To create a custom role, follow these procedures:

• As an Administrator, click “MY ORGANIZATION” and the left most option “EDIT SETTINGS” (Figure 7).

• In the next window that appears, click the “Roles” button and the green “CREATE ROLE” button (Figure 8).

• In the resultant window (Figure 9), give the new role a name (i.e., AGOL_Viewer), provide a brief description, and select from a predefined template list (i.e., User).  Upon selection of the template, the opinions enable to add/remove privileges.  To minimize work, your template choice should closely match the desired privileges.

• In the example shown in Figure 10, I am removing the following privilege options:
  1. Create, update, and delete Groups
  2. All Sharing
  3. Feature Editing

• When satisfied with the new role’s privileges, click the “SAVE ROLE” button.
• The new role now appears in the list of options (Figure 11).  Note that we also have the ability to further modify (pencil) or delete (red “X”) this new role.

Any insite on the creation of custom roles?  What privileges are most commonly added/removed from Users?  Your comments are highly encouraged.