Migrating permissions from ArcGIS Server 9.2

If you had applied access rules to ArcGIS Services at 9.2, you can apply those permissions in the security format for this version. Three caveats apply to service permissions under the 9.3 format:

• Access rules use only roles. Users are not individually authorized.
• Manager applies only allow permissions, not deny rules.
• At 9.2, services could only be secured using Windows users and groups. You must continue to use Windows groups as roles in order to migrate security rules.

It is possible to continue managing security as at 9.2 by manually configuring access rules in the ArcGIS Services Web application. However, the recommended approach is to use the new framework for security managed by the ArcGIS Server. This will allow you to take advantage of security for services when accessed through representational state transfer (REST) protocol. Also, future versions of ArcGIS Server will support finer-grained security, such as restricting access to individual layers and to analysis operations for services. These security measures will work only with the security framework managed by ArcGIS Server.

To migrate permissions from 9.2 to 9.3:

1. Before uninstalling 9.2, make a copy of the web.config file inside <IIS applications root>\ArcGIS\Services.
2. Open the saved web.config file and make a list of each folder or service that has security settings. Each has a <location> element with the name of the folder or service. For each service or folder:
   • Note the Windows groups that are allowed access.
   • Users cannot be added under the new format. If necessary, create new Windows groups for these users and add them to the permissions.
   • Deny rules cannot be transferred, except that services inside folders can be set to not allow roles that are explicitly allowed for a parent folder. Folders can be set to not allow roles that are allowed by the root folder.
3. After installing 9.3, configure security in Manager as described in Overview of setting up users and roles.
4. Set permissions for services and folders as described in Securing Internet connections to services. When setting permissions, refer to the list compiled above to set allowed roles for services and folders.
5. Enable security for services as described in Securing Internet connections to services.