ArcGIS Enterprise security model

Security is a pillar of a well-architected ArcGIS system. ArcGIS Enterprise uses an identity-based security model. Any content such as layers, services, maps, and apps is secured through groups in ArcGIS Enterprise. These groups are created in the organization; you can add users manually to these groups, or you can link them to groups from your identity store, such as an Active Directory-based, LDAP-based, or SAML-based identity provider.

For an individual to access content secured in a group, they must be a member of your organization and have an identity in your ArcGIS Enterprise organization. When you create an identity for a user, you assign them a role. This role defines a specific set of privileges for the user. For example, you can define the type of information a user can search, edit, or create. To learn more about the type of privileges you can grant members of your organization, see Levels, roles, and privileges. You can also allow anonymous access to public content in ArcGIS Enterprise.

When you federate an ArcGIS Server site, the ArcGIS Enterprise security model takes over. Any content that already resides on your ArcGIS Server site will automatically be owned by the administrator account that performs the federation. To enable access, you need to share the items to the appropriate group or groups.