If you applied access rules to ArcGIS Services at 9.2, you can apply those permissions in the security format for
this version. Three caveats apply to service permissions under the
9.3 format:
- Access rules use only roles. Users are not individually
authorized.
- Manager applies only allow permissions, not deny rules.
- At 9.2, services could only be secured using Windows users and
groups. You must continue to use Windows groups as roles in order
to migrate security rules.
It is possible to continue managing security as at 9.2 by
manually configuring access rules in the ArcGIS Services Web
application. However, the recommended approach is to use the new
security framework managed by ArcGIS Server. This will
allow you to take advantage of security for services when they are accessed
through the representational state transfer (REST) protocol. Also, future versions of ArcGIS Server
will support finer-grained security, such as restricting access to
individual layers and to analysis operations for services. These
security measures will work only with the security framework managed by ArcGIS Server.
To migrate permissions from 9.2 to 9.3:
- Before uninstalling 9.2, make a copy of the web.config file
inside <IIS applications root>\ArcGIS\Services.
- Open the saved web.config file and make a list of each folder or service that has security settings. Each has a
<location> element with the name of the folder or service.
For each service or folder:
  - Note the Windows groups that are allowed access.
  - Users cannot be added under the new format. If necessary,
  create new Windows groups for these users and add them to the
  permissions.
  - Deny rules cannot be transferred, except that services inside
  folders can be set to not allow roles that are explicitly allowed
  for a parent folder. Folders can be set to not allow roles that are
  allowed by the root folder.
- After installing 9.3, configure security in Manager as
described in Overview of setting up users and roles.
- Set permissions for services and folders as described in
Securing Internet connections to services. When setting permissions,
refer to the list compiled above to set allowed roles for services
and folders.
- Enable security for services as described in
Securing Internet connections to services.
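The inventory step above can be scripted. The following Python is an added example, not part of the original documentation or of ArcGIS Server: it reads the saved web.config and reports, for each <location>, the allowed groups to carry over as roles, the individually allowed users that first need a Windows group, and the deny rules to review by hand. It assumes the standard ASP.NET location/system.web/authorization layout; the folder, service and group names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample (assumed standard ASP.NET layout; all names are made up).
SAMPLE_WEB_CONFIG = """<configuration>
  <location path="Parcels">
    <system.web><authorization>
      <allow roles="CITY\\GIS_Editors, CITY\\Planners" />
      <deny users="*" />
    </authorization></system.web>
  </location>
  <location path="Parcels/Zoning.MapServer">
    <system.web><authorization>
      <allow users="CITY\\jsmith" />
      <deny roles="CITY\\Planners" />
      <deny users="*" />
    </authorization></system.web>
  </location>
</configuration>"""


def _split(value):
    return [v.strip() for v in (value or "").split(",") if v.strip()]


def inventory(xml_text):
    """One record per <location> with rules; a lone deny users='*' is not listed."""
    root = ET.fromstring(xml_text)
    for el in root.iter():            # drop any XML namespace prefix from tags
        el.tag = el.tag.rsplit("}", 1)[-1]
    records = []
    for loc in root.iter("location"):
        auth = loc.find("./system.web/authorization")
        if auth is None:
            continue
        rec = {"path": loc.get("path", ""), "allow_roles": [],
               "allow_users": [], "deny_rules": []}
        for rule in auth:
            roles, users = _split(rule.get("roles")), _split(rule.get("users"))
            if rule.tag == "allow":
                rec["allow_roles"] += roles    # carry over as roles at 9.3
                rec["allow_users"] += users    # need a Windows group first
            elif rule.tag == "deny" and (roles or users != ["*"]):
                rec["deny_rules"] += roles + users   # review by hand
        records.append(rec)
    return records


if __name__ == "__main__":
    print(*inventory(SAMPLE_WEB_CONFIG), sep="\n")
```

In the sample, the Planners group is allowed on the Parcels folder but denied on one service inside it, which is the one kind of deny rule the list above says can be reproduced under the new format.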