Skip To Content

Editor permissions for feature services

Feature services allow you to control what types of edits users can make to the service. You do this by enabling or disabling operations and properties on the Feature Access tab of the Service Editor in ArcMap.

Operations allowed on feature services

You can enable or disable the following feature service operations from the Feature Access tab of the Service Editor:

  • Create allows editors to add features to the feature service. This operation is enabled by default.
  • Delete allows editors to delete features in the feature service. This operation is enabled by default.
  • Extract allows editors to extract copies of the data to a file geodatabase or SQLite database using custom applications that use the createReplica REST operation with the syncModel parameter set to none. This operation is disabled by default.
  • Sync allows users to work with feature service data while offline. This operation is disabled by default. To learn more, see Prepare data for offline use.
  • Update allows editors to update features in the feature service. This operation is enabled by default.

The Query operation is required for users to view the data in the feature service. For this reason, the Query operation is always enabled when publishing from ArcMap and cannot be disabled.

If you require a feature service that allows users to only create features but not view, update, or delete them, you can publish the feature service from ArcMap with Create and Query operations enabled. Once published, you can open the feature service in ArcGIS Server Manager and disable the Query operation. This is useful for custom applications that require users to only input new features but not see, edit, or delete existing features. Note that the service owner and ArcGIS Server administrator can still see, edit, and delete existing features.

If you disable an operation and a user attempts to do any action corresponding to that operation, the service returns an error. Client applications, such as those built with the ArcGIS Web APIs, can check for the allowed operations before attempting to apply edits. You can design these applications to disable or limit commands to match the allowed operations.

For layers in the feature service that can store attachments, the Create or Update operation allows editors of the feature service to add an attachment to a feature. The Update operation further enables editors to update or delete an attachment that is associated with a feature. If only the Delete operation is enabled, editors can delete attachments.

If your editors will edit data from a feature service in ArcMap, enable the Create, Delete, and Update capabilities. If you don't enable all three capabilities, editors will encounter an error in ArcMap when they create a local copy of the data for editing. To learn more, see About editing data from feature services in ArcMap.

Note:

Allowed operations apply only to publishers and users. Server administrators and the service owner have full access to the service with all operations allowed.

Properties that affect editing

Feature access properties build on the operations you set and provide you with further control over what other users can do with the feature service. For example, if you enabled the Update operation, but you want editors to only edit nonspatial attributes, you can disable the Allow geometry updates property. Or, if you want editors to edit geometry, but only if the geometry does not contain true curves, you can enable Allow geometry updates but disable Allow update of true curves. The following list describes these and other editing-related properties you can set for your feature service:

  • Allow geometry updates allows editors to edit the geometry of a feature in the feature service. This is enabled by default. If you disable this option, editors can update only the nonspatial attributes of features in the feature service.
  • Allow update of true curves allows editors to update geometries even if the geometry contains a true curve. Be aware that if the editor updates a true curve geometry from any client that does not support true curves, the feature's true curve geometry will be replaced with a densified geometry.

    This operation is enabled by default and available only if you have enabled Allow geometry updates. If you disable Allow update of true curves, editors receive an error if they attempt to edit a true curve geometry.

  • Only allow true curve updates by true curve clients is enabled by default, and it helps protect your true curve data from being replaced by a densified geometry. Leave this property enabled if you want to be sure your true curve geometries are only edited with clients that are capable of preserving true curves. If your workflow does not include the use of clients that can preserve or create true curves, you can disable this property.

    Caution:

    True curve geometries are currently only supported by ArcGIS Pro 1.3 and later releases. If your data contains true curves and you enable Allow update of true curves but don't enable Only allow true curve updates by true curve clients, the geometry will be returned as a densified version of the true curve when edited from any other ArcGIS client.

  • Apply default z-value allows you to specify a default z value. If an editor adds or updates a feature through the feature service and does not specify a z-value, the default z-value is applied. For more information, see Configure default z-values for editable feature services.
  • Allow geometry updates without m-value is a setting you can use if layers within your feature service are enabled to store m-values, but you are not using the m-values. When editors edit feature geometries through the feature service, NaN m-values will be inserted if the client does not provide a value. See Configure editable feature services that contain m-enabled layers for more information.
  • Enable ownership-based access control on features allows you to restrict people from accessing features they do not own. For more information, see Ownership-based access control for feature services.
    Note:

    Ownership-based access control on features can only be used with enterprise geodatabases, not databases.

Advanced editing options

Click the Advanced Options button on the Feature Access tab to configure the following additional options related to editing data through a feature service:

  • Add realm to user name when applying edits allows you to specify a value to be appended to the ArcGIS Server user names recorded when editing through the feature service. This allows you to differentiate when a user is editing through the feature service rather than directly against the data in the geodatabase. To enable this, check Add realm to user name when applying edits and type the realm value you want added to user names. See Editor tracking for feature services for more information.
  • Create version for each option affects the behavior of sync-enabled feature services that contain versioned data. The default option is Downloaded Map. Keep this option enabled if you want to generate a version each time a map containing the feature service is taken offline. If instead you want a version generated for each user who downloads the map, enable the User option. For an explanation of the use of versioned data in offline maps, including these options, see Offline maps and versioned data.
  • Filter web content prevents input of unsupported HTML entities or attributes. This option is enabled by default and, unless your editors require the ability to input these unsupported HTML entities, do not disable Filter web content. Disabling this option allows a user to enter any text into the input fields, which exposes the service to potential cross-site scripting (XSS) attacks.

Configure multiple tiers of access

If you need to support multiple tiers of users, each requiring different operations, the recommended approach is to create one service for each level of user. For example, you could create a Professors service that might have all operations allowed. Along with that, you could create a less-privileged Students service with only Create, Query, and Upload operations allowed.