Securing a service

When you create a service, Web access is automatically enabled. You can choose to limit the types of operations that can be performed with the service, or restrict access to a select group of users. If you don't need or want Internet clients to access the service, you can disable Web access completely.

Turning off Web access

If you don't want Internet clients to access a service, you need to explicitly disable Web access.

Turning off Web access in Manager

To disable Web access for a service in Manager, follow the steps below. The service must be stopped when you perform these steps. See Starting, stopping, and pausing services for instructions.

  1. In Manager, click the Services tab.
  2. In the list of services, find the service for which you want to disable Web access and click its Edit link.
  3. In the menu on the left, click Capabilities.
  4. Uncheck the box next to Enable Web Access.
  5. Click Finish.
  6. Start the service.

Turning off Web access in ArcCatalog

To disable Web access for a service in ArcCatalog, follow the steps below. The service must be stopped when you perform these steps. See Starting, stopping, and pausing services for instructions.

  1. Make an administrative connection to the server. See Connecting to a GIS server in ArcCatalog for instructions.
  2. Find the service for which you would like to disable Web access.
  3. Right-click the service and click Disable Web Access.

Note: For map services, the steps above only disable Web access for the Mapping capability. You can disable Web access for other capabilities in the Service Properties page, in the Capabilities tab.

Requiring an encrypted connection

You can configure your services to be visible only to clients that connect through Secure Sockets Layer (SSL). SSL connections are encrypted and are commonly used to send sensitive information, such as credit card transactions, over the Internet. When a client makes an SSL connection, the URL begins with "https". Setting up SSL requires the use of your Web server administration software; refer to that documentation for information on how to configure SSL.

Requiring encrypted connections is done at the GIS server folder level. In the folder properties, you can check the option "Require Encrypted Web Access". All of the services in that folder will then be accessible only when an SSL connection is being made.

Limiting what users can do with the service

To make it easy to control how your Web services are used, each type of service has a set of allowed operations. Each operation consists of a set of methods that can be enabled or disabled as a group. Clients of the Web service can only call the methods of the operations that have been allowed.

Suppose you wanted to allow consumers of a mapping Web service to draw the map but not to query the data sources of the map's layers. You would then need to disable the Query operation and ensure that the Map operation was allowed.

If you create a service using the Add New Service wizard (as opposed to the Publish GIS Resource wizard), you can choose the allowed operations as you create the service. No matter how you originally created a service, you can change which operations are allowed on an existing service by editing the service's properties. The available operations are listed in the Capabilities panel.

The following tables list which methods are included in each operation:

Map service operations
Map                          | Query             | Data
-----------------------------+-------------------+-----------------
GetDocumentInfo              | Identify          | Find
GetLegendInfo                | QueryFeatureCount | QueryFeatureData
GetMapCount                  | QueryFeatureIDs   |
GetMapName                   | QueryHyperlinks   |
GetDefaultMapName            | GetSQLSyntaxInfo  |
GetServerInfo                |                   |
GetSupportedImageReturnTypes |                   |
ExportMapImage               |                   |
IsFixedScaleMap              |                   |
ToMapPoints                  |                   |
FromMapPoints                |                   |
HasSingleFusedMapCache       |                   |
GetTileCacheInfo             |                   |
GetMapTile                   |                   |
HasLayerCache                |                   |
GetLayerTile                 |                   |
GetVirtualCacheDirectory     |                   |
GetCacheName                 |                   |
ComputeScale                 |                   |
ComputeDistance              |                   |

The default allowed operations for map services are Map, Query, and Data. 
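
An added example, not part of the original help page and not Esri code: a small Python audit that expands each map service's allowed operations into the methods Web clients can call, then flags services whose settings expose more than intended or whose folder does not require encrypted Web access. The operation groups are transcribed from the map service table above; the inventory record format and the service and folder names are assumptions, constructed for illustration.

```python
# Added example. Operation groups for map services, transcribed from the table above.
MAP_SERVICE_OPERATIONS = {
    "Map": {
        "GetDocumentInfo", "GetLegendInfo", "GetMapCount", "GetMapName",
        "GetDefaultMapName", "GetServerInfo", "GetSupportedImageReturnTypes",
        "ExportMapImage", "IsFixedScaleMap", "ToMapPoints", "FromMapPoints",
        "HasSingleFusedMapCache", "GetTileCacheInfo", "GetMapTile", "HasLayerCache",
        "GetLayerTile", "GetVirtualCacheDirectory", "GetCacheName", "ComputeScale", "ComputeDistance",
    },
    "Query": {"Identify", "QueryFeatureCount", "QueryFeatureIDs",
              "QueryHyperlinks", "GetSQLSyntaxInfo"},
    "Data": {"Find", "QueryFeatureData"},
}

def exposed_methods(allowed_ops):
    """Return the methods a Web client can call, given the allowed operations."""
    unknown = set(allowed_ops) - set(MAP_SERVICE_OPERATIONS)
    if unknown:
        raise ValueError(f"unknown operation(s): {sorted(unknown)}")
    return set().union(*(MAP_SERVICE_OPERATIONS[op] for op in allowed_ops))

def audit(services, encrypted_folders):
    """Compare each service's settings with the operations it was meant to allow."""
    findings = []
    for svc in services:
        if not svc["web_access"]:
            continue  # Web access disabled: nothing is exposed to Web clients
        if svc["folder"] not in encrypted_folders:
            findings.append((svc["name"], "folder does not require encrypted Web access"))
        extra = exposed_methods(svc["allowed"]) - exposed_methods(svc["intended"])
        if extra:
            findings.append((svc["name"], "unintended methods: " + ", ".join(sorted(extra))))
    return findings

# Constructed inventory (hypothetical record format, filled in by hand from
# each service's Capabilities panel and its folder properties).
SERVICES = [
    {"name": "Parcels", "folder": "Public", "web_access": True,
     "allowed": {"Map", "Query", "Data"}, "intended": {"Map"}},
    {"name": "Basemap", "folder": "Secure", "web_access": True,
     "allowed": {"Map"}, "intended": {"Map"}},
    {"name": "Internal", "folder": "Public", "web_access": False,
     "allowed": {"Map", "Query", "Data"}, "intended": {"Map"}},
]

if __name__ == "__main__":
    for name, issue in audit(SERVICES, encrypted_folders={"Secure"}):
        print(f"{name}: {issue}")
```

Running it against the constructed inventory reports the Parcels service twice: once for its folder, and once because the default Map, Query, and Data set exposes seven methods beyond the Map operation.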

Geocode service operations
Geocode                           | ReverseGeocode
----------------------------------+---------------
GeocodeAddress                    | ReverseGeocode
GeocodeAddresses                  |
StandardizeAddress                |
FindAddressCandidates             |
GetAddressFields                  |
GetCandidateFields                |
GetIntersectionCandidateFields    |
GetStandardizedFields             |
GetStandardizedIntersectionFields |
GetResultFields                   |
GetDefaultInputFieldMapping       |
GetLocatorProperties              |

The default allowed operations for geocode services are Geocode and Reverse Geocode.

Geodata service operations
Query Data Replica Schema
get_Domains ExtractData CreateReplica AddDomain
get_Replicas SearchData ExportReplicaDataChanges DeleteDomain
get_Versions ImportReplicaDataChanges CreateDataset
get_DefaultWorkingVersion RenameDataset
get_DataElements Validate
GetServerInfo
ExportMapImage
GetSupportedImageReturnTypes
GetLegendInfo
ToMapPoints
FromMapPoints

The default allowed operations for geodata services are Query and Data.

Globe service operations
Globe                     | Animation     | Query
--------------------------+---------------+---------
Get_Version               | Get_Animation | Identify
Get_LayerCount            |               | Find
Get_LayerInfos            |               |
Get_LegendInfos           |               |
Get_Config                |               |
Get_MQT                   |               |
Get_Configuration         |               |
Get_Tile                  |               |
Get_Symbols               |               |
Get_Textures              |               |
Get_VirtualCacheDirectory |               |

The default allowed operations for globe services are Globe, Animation, and Query. Unlike with map services, the Query operation covers both Identify and Find.