View vs. Edit Permissions?

847396730 · ‎02-07-2014

I don't see a way to constrain who can edit versus who can only view a hosted service. Is there a way to make certain users view-only?
Thank you!

847396730 · ‎02-10-2014

I am boggled by this--what is the purpose of the View/Edit toggles in the Pop-Up configuration, if not to constrain which fields are editable? Could it really be true that anyone who can see the [hosted] Feature Service can also edit the Feature Service?

TimMarquardt · ‎02-11-2014

Actually you can do this, but you have to ceate a second (no edit) map.

- Open the editable map and go to configure the pop-up
- Uncheck the Edit toggle for each field you want read-only
- Do a "save-as" of the map and call it something different than the editable map name
- Share this saved 'no-edit' map with a new group and add the read-only users to this new group
(Editors will view and edit the original editable map in another group)
- The edits will be seen on the read-only map but the users in the read only group/map cannot edit/update.

Kind of a work around, but does the trick.

847396730 · ‎02-11-2014

Thank you for the response! I tested exactly the workflow you recommend, but a browser-based user in the "read-only" map could still edit. Can you confirm that this definitely worked in your environment?

TimMarquardt · ‎02-12-2014

Yes it works, but I forgot that the method I described does not prevent users of the Read Only map from placing a new feature -- only prevents attribute updates to existing features.

However, there is another method...
Open the Read Only map and click 'Disable Editing' --found 2 places below the 'Configure Pop-up' option on the feature drop down menu. This will disable feature placement, feature movement and attribute updates. Even with this, a savvy user could still re-eable editing using this same button. For a truly read-only view, You could choose disable editing and then make a Web App (Share>Make Web Application) and choose something like the 'Legend' template. Then share the app with the Read Only Group.

847396730 · ‎02-14-2014

Thanks, again, for the suggestion. It seems though, that there can only be one definition for a hosted service. So if you disable editing for one web map, then that same service in a different map is also edit-disabled. Is that your experience as well?

TimMarquardt · ‎02-14-2014

It works on my end. You stated that "there can only be one definition for a hosted service"...
You are not disabling editing on the service in the service properties, but rather within the web map properties.
So you save the map with editing enabled. Next disable editing and then 'Save as' the web map (not the service itself) with a different name.

[ATTACH=CONFIG]31466[/ATTACH]

847396730 · ‎02-16-2014

Thanks, again, for your response. The Feature Service itself still needs to be permissioned for the person to view, which allows them to make it editable, correct?

TracyGarrison · ‎02-22-2014

It works on my end. You stated that "there can only be one definition for a hosted service"...
You are not disabling editing on the service in the service properties, but rather within the web map properties.
So you save the map with editing enabled. Next disable editing and then 'Save as' the web map (not the service itself) with a different name.

[ATTACH=CONFIG]31466[/ATTACH]

It is not really "working on your end". If your hosted feature service is set to editable and is shared publicly Anybody can find and edit your hosted feature service by adding it to their map and setting up their map to edit it!

If you have a road closure map and you think just because the map the public sees has editing disabled that the road closure service is safe. Then all the sudden all your roads are set to closed because some one found your service and started playing around with it. Until ESRI allows editing publics shared hosted feature services for users of a specific group, your service will never be safe from pranksters.

LeoDonahue · ‎02-25-2014

once you share a read only web map application with the public, the feature service behind that web map application has to be shared to the public as well.

Once you go public, there is no security left.