As an administrator of your organization, you can configure custom roles to add control and flexibility to the default Viewer, Data Editor, User, Publisher, and Administrator roles in an organization. For example, you might have some members who need access to your maps and apps but do not need to create groups, and you might have other members who need to publish hosted feature layers but not hosted tile layers.
Your organization might have certain members who are responsible for creating content such as story maps and hosted feature layers but also need to join and share content with groups. A custom role with general privileges to publish hosted feature layers, share with groups, and geocode would be required for these workflows. Another common example is a member who needs to create and publish content in addition to certain administrative tasks such as inviting users into an organization and assigning department members to the correct groups. This custom role would require all general privileges and the following administrative privileges: all privileges in the Members category and the privilege to assign members to groups.
You can use predefined templates to get started and further refine the privileges based on the specific workflows in your organization. Some privileges are reserved for the administrator.
You can also assign roles in bulk to existing members.
- Verify that you are signed in as an administrator of your organization.
- At the top of the site, click Organization and click the Settings tab.
- Click Member Roles on the left side of the page.
- Create, update, or assign member roles:
- To create a custom role, click Create Role and provide a name and description for the role. The name must be unique within your organization and can contain up to 128 characters. They are not case sensitive. Administrator, Publisher, User, Data Editor, and Viewer cannot be used as names for custom roles. The description can have up to 250 characters. If preferred, you can change the privilege compatibility setting and review the compatible user types and available privileges. Optionally, choose to import settings from an existing role or template on which to base the new custom role. Select the privileges for the custom role and click Save role.
Caution:
Some workflows require a combination of privileges. For example, to publish hosted tile layers or publish hosted feature layers, you also need privileges to create content. To publish apps from Map Viewer or group pages, you need privileges to share items and create content.
- To view information about a role, click the Role Information button in the row of the role. A pop-up appears with a description and a list of privileges. The row also contains the number of members assigned to each role.
- To edit one of your custom roles, click the Edit Role button in the row of the role. Change the name, description, or privileges, and click Save role.
- To delete one of your custom roles, click the Delete Role button in the row of the role. You cannot delete a role that is currently assigned to a member or a default role (Administrator, Publisher, User, Data Editor, or Viewer).
- To assign a role to existing members, click Assign Roles. Search for members by name, group, or role, and then filter by user type. Click the name or names from the filtered members list or click Add All to select members. Click Next. Choose the new role to assign the selected members, and click Assign.
Tip:
When selecting a user type or role from the drop-down list, you can start typing a user type or role name to filter the list.
Note:
You can only assign the Administrator role to a member if you are a default administrator of your organization. You must also be a default administrator to change a role from default administrator to any other role.
- To create a custom role, click Create Role and provide a name and description for the role. The name must be unique within your organization and can contain up to 128 characters. They are not case sensitive. Administrator, Publisher, User, Data Editor, and Viewer cannot be used as names for custom roles. The description can have up to 250 characters. If preferred, you can change the privilege compatibility setting and review the compatible user types and available privileges. Optionally, choose to import settings from an existing role or template on which to base the new custom role. Select the privileges for the custom role and click Save role.
Templates
Templates contain a set of predefined privileges for common workflows such as consuming content and curating data. Use them as they have been configured or further customize them by adding and removing the privileges that fit the needs of your organization. The following templates are currently available:
- Analyst—Mapcentric staff who create maps, use standard, raster, or GeoAnalytics tools, view content and groups shared with the organization, share content across the organization or with groups, publish hosted feature layers, and edit features.
- Author—Content creators who view content and groups shared with the organization, perform standard feature analysis, edit features, create groups, and publish hosted tile layers.
- Student—Members of a school organization who have general privileges to create content, view content and groups shared with the organization, join groups, share content with groups and the organization, and edit features.
- Publisher—Esri-defined publisher role that, in addition to the Author template privileges, allows members to share content with the public and make groups visible inside and outside the organization (depending on the security settings of the organization).
- User—Esri-defined user role that can create content and groups and share them inside and outside the organization (depending on the security settings of the organization).
- Data Editor—Esri-defined editor role that can edit features, interact with maps, and view content shared with them in groups.
- Viewer—Esri-defined viewer role that allows members to interact with maps, view content and groups shared with the organization, and view content shared with them in groups.
Recommended workflow
Before you assign custom roles to members, you may want to test that the set of privileges in the role work as you intend. A recommended workflow is to define your custom role and assign it to an account where you can verify your desired privileges. You can edit the role, if necessary, and assign it to members of your organization.
Assign a default role and user type
If you create a custom role that applies to most of the members of your organization, you can set it as the default role by choosing the role from the Default role for new members drop-down list. Additionally, you can set a Default user type for new members. All members added to the organization after you set the default role and user type will be initially assigned accordingly.
You can use the portal website to choose a default role and user type for new accounts.
- Log in to the portal website as an administrator of your organization and click Organization.
- Click Settings.
- Click Member Roles on the left side of the page.
- Specify the default user type for new accounts. You can choose any user type that is available to your organization.
- Specify the default role for new accounts. You can set the default role as a publisher, user, viewer, data editor, or custom role, depending on the roles compatible with the selected default user type.
- Click Save Defaults to save your changes.