Note:This topic was updated for 9.3.1.
If you want to let other database users view or modify the contents of any datasets in an ArcSDE geodatabase, you must grant them the privilege to do so.
The steps you take to grant or revoke privileges on datasets vary depending on how you connect to your ArcSDE geodatabase.
When you access datasets in a geodatabase through a database server connection, the permissions you can grant to nonadministrative users on a dataset are read-only, read/write, or none. Read only permission means the user can select the dataset but not alter it. Read/write permission allows the user to edit the dataset. If a user's permission to a dataset is none, the user will not be able to view or access the dataset at all.
As indicated in the topic Administering user permissions for ArcSDE database servers
, you can also set user permissions at the database server and geodatabase levels. Doing so will have an impact on what types of permissions you can grant at the dataset level.
- If the user is a database server administrator or geodatabase administrator, he or she automatically has read/write permissions on all the datasets in the geodatabase; you cannot grant lesser permissions on a dataset—such as read-only—to this user.
- If a user was granted read/write permission at the geodatabase level, he or she automatically has read/write permission on the datasets in that geodatabase. Again, you cannot change that user's dataset permissions to read-only or none.
- If a user has read-only geodatabase permission, you can grant that user read/write permission to specific datasets.
- If a user's geodatabase-level permission is none, you can grant that user read-only or read/write permission to any dataset in the geodatabase.
For datasets accessed through a spatial database connection in ArcCatalog, you have several options when granting privileges. You can specify that a user has no privileges by not checking any of the options on the Privileges dialog box. You can grant SELECT privileges, meaning the user can read but not modify the contents of a dataset. You can also grant a user read/write privileges (SELECT, UPDATE, INSERT, and DELETE), which allows the user to both view and modify the contents of a dataset.
The privileges that allow a user to modify a dataset (UPDATE, INSERT, and DELETE) are granted and revoked as a group; for example, if you grant the UPDATE privilege, INSERT and DELETE are also granted. For geodatabases stored on ArcSDE database servers, this is the equivalent of choosing Read/Write on the dataset Permission dialog box accessed through the ArcSDE database server connection.
When you create a spatial database connection to a geodatabase that is stored on a database server and use the Privileges dialog box to alter a user's access to a dataset, the same rules described above about overriding permissions apply. For example, if the user is a geodatabase administrator, you cannot use the Privileges dialog box to change the user's dataset access to SELECT.
NOTE: Granting or revoking privileges on a feature dataset causes all of its contents to have the same privilege changes; for example, you cannot grant a user different permissions on a feature class inside a feature dataset. However, if you add a feature class to a feature dataset, you must reset privileges on the feature dataset so it includes the new feature class.