Note:This topic was updated for 9.3.1.
What are user permissions?
A user's permissions determine what he or she is authorized to do with the data and the geodatabase and should be assigned based on the type of work the person does within the organization. Is the user involved with administration of the geodatabase? Does the user need to edit or create data? Would the user only need to query the data?
Users or groups of users are given permissions that affect what they can do in the geodatabase. Some users can only connect to the geodatabase. These are read-only users. Other users can connect to the geodatabase and create datasets. Others can connect to the database and edit datasets but not create or delete them. Some can perform administrative tasks such as creating backup files or performing a compress operation.
Types of users based on permissions
Common categories or groups of geodatabase users are
If you are using ArcSDE geodatabases for SQL Server Express, all users added to the database server who have access to data will fall into one of these groups. They are described in User permissions for geodatabases on ArcSDE database servers.
For geodatabases created under ArcGIS Server Enterprise licensing, these groupings are not mandatory, but many organizations find their workflows usually include these categories of users. Go to the following topics to see lists of the permissions needed for data viewers, editors, and creators and the ArcSDE administrative user in each of the supported database management systems.
User permissions for geodatabases in DB2User permissions for geodatabases in InformixUser permissions for geodatabases in OracleUser permissions for geodatabases in PostgreSQLUser permissions for geodatabases in SQL Server
- Data viewers (read-only users)
- Data editors (read/write users)
- Data creators (read/write users with privileges in the database that allow them to create database objects)
- Geodatabase and/or database instance administrators
Types of permissions
User permissions are set for the database itself, versions of the geodatabase, and for the datasets in the database.
- Database permissions
These permissions determine what a user or group of users can do in or to the geodatabase; for example, whether users can create new datasets or administer the geodatabase.
- Version permissions
Permissions can also be set to control user access to a geodatabase version. This is a special type of database permission that is not set through the DBMS. Instead, when a new geodatabase version is created, the creator of the version decides what type of access other users will have to the version. If the version is created as Public, all users can access and modify it. If it is created as a Private version, only the creator of the version can access it. If the version is Protected, other users can view the version but only the creator can modify it.
See Creating versions and setting permissions in the "Data management workflows, transactions, and versioning" section of the help for more information on setting permissions to geodatabase versions.
- Dataset permissions
Dataset permissions determine what a user can do with a particular dataset—can the user edit the dataset or only select data from it?
Permission to work with specific datasets is controlled by the user who owns the data (the one who created or imported the data to the geodatabase). Users are granted either read-only (SELECT) permission or read/write (UPDATE, INSERT, and DELETE) permissions. These dataset permissions determine whether or not a user is an editor; if a user has no UPDATE, INSERT, or DELETE permissions on any datasets, he is not an editor.
See Granting and revoking privileges on datasets for information on assigning user rights to datasets.