Skip To Content

Levels, roles, and privileges

In this topic

Organizations can use, create, and share a wide range of geographic content, including maps, scenes, apps, layers, and analytics. The ability of individual organization members to access and work with content in different ways depends on the privileges they have in the organization. Levels allow organizations to control the scope of privileges that can be assigned to members through roles.

Levels

Organizations use levels to allocate accounts based on the privileges that members need. Members are assigned a level when they are invited to the organization. The level determines which privileges are available to the member. ArcGIS offers two levels of membership.

Level 1 membership is for members who only need privileges to view content, such as maps and apps, that has been shared with them through the organization, as well as join groups within the organization. Level 2 membership is for members who need to view, create, and share content and own groups, in addition to other tasks.

For example, a content creator assigned a level 2 account can create and share a site selection app with a group of users in their organization. This app allows users to select a specific site and view attribute information about the site that should only be available to internal employees. A member with a level 1 account can join the group and view and interact with the app.

Roles

A role defines the set of privileges assigned to a member. Privileges are assigned to members through a default role or a custom role. Members are assigned a role when they are invited to the organization.

Note:

Once the member joins, their role can be changed by administrators and those with privileges to change member roles. Changing roles to or from administrator can be done only by administrators.

Default roles

ArcGIS Online defines a set of privileges for the following four default roles:

  • Viewer—View items such as maps, apps, demographics, and elevation analysis layers that have been shared with the member. Join groups owned by the organization. Use network analysis and geocoding. Members assigned the Viewer role cannot create, own, or share content, or perform analysis or data enrichment. The Viewer role can be assigned to level 1 or level 2 accounts.
  • UserViewer privileges plus the ability to see a customized view of the site, use the organization's maps, apps, layers, and tools, and join groups owned by the organization. Members assigned the User role can also create maps and apps, add items, share content, and create groups. The User role can be assigned to level 2 accounts.
  • PublisherUser privileges plus the ability to publish features and map tiles as hosted web layers. Members assigned the Publisher role can also perform analysis on layers in maps. The Publisher role can be assigned to level 2 accounts.
  • AdministratorPublisher privileges plus privileges to manage the organization and other users. An organization must have at least one administrator. However, there is no limit to the number of roles that can be assigned within an organization. For example, if an organization has five members, all five members can be administrators. The Administrator role can be assigned to level 2 accounts.

The following table shows the privileges defined for each of the default roles.

PrivilegeDefault role

Viewer

User

Publisher

Administrator

Use maps and apps

YesYesYesYes

Use geosearch

YesYesYesYes

Use demographics

YesYesYesYes

Use elevation analysis

YesYesYesYes

Use geocoding

YesYesYesYes

Use network analysis

YesYesYesYes

Join groups without item update capability

YesYesYesYes

Join groups with item update capability

YesYesYes

Use subscriber content

YesYesYes

Use spatial analysis

YesYesYes

Use GeoEnrichment

YesYesYes

Create content

YesYesYes

Share maps, apps, and scenes

YesYesYes

Create groups

YesYesYes

Edit features

YesYesYes

Publish hosted web layers

YesYes

Perform analysis

Yes Yes

Manage Open Data sites

Yes

Invite users to organization

Yes

Manage organization resources

Yes

View subscription status

Yes

Configure website

Yes

Create custom roles

Yes

ArcGIS Marketplace provider (requires organization authorization)

Yes

Set up enterprise logins

Yes

Manage credit budgets

Yes

Enable and disable Esri access on member accounts

Yes

Disable multifactor authentication on member accounts

Yes

Change member role to or from administrator

Yes

Remove other administrators from the organization

Yes

Move member content to different folders within the member's My Content page

Yes

Share content with public when organization does not allow members to share outside the organization

Yes

Create and own groups that allow members to update all items in the group

Yes

Custom roles

Organizations may want to refine the default roles into a more fine-grained set of privileges by creating custom roles. For example, your organization may want to assign some members the same privileges as a default User but without allowing them to edit feature data. This could be achieved by creating a custom role based on the default User role, turning off the editing privileges, and calling the custom role User without Editing or something similar.

Only default administrators—that is, those who have been assigned the Administrator role—can create, configure, and assign custom roles. Default administrators configure custom roles based on any combination of available general and administrative privileges. If you have a custom role, ask your administrator for a list of associated privileges.

The privileges that can be granted to a member through a custom role cannot exceed those associated with their assigned member level. For example, if a level 1 member is assigned a custom role that has more privileges than a level 1 account allows, the additional privileges will be disabled for that member.

Privileges

Privileges allow organization members to perform different tasks and workflows in an organization. For example, some members have privileges to create and publish content, while others have privileges to view content but cannot create their own.

General privileges

Members who perform specific tasks within the organization—create maps or edit features, for example—can be assigned the general privileges they need to work and share with groups, content, and features.

General privileges

Groups

Create, update, and delete

Join organizational groups

Join external groups

Content

Create, update, and delete

Publish hosted feature layers

Publish hosted tile layers

Publish hosted scene layers

Sharing

Share with groups

Share with organization

Share with public

Make groups visible to organization

Make groups visible to public

Make groups available to Open Data

Premium Content

Geocoding: Use Esri World Geocoder to convert addresses to map points (geocoding) such as when publishing a CSV file of addresses as hosted feature layers or adding a CSV file of addresses to a map (does not apply to custom geocoders configured for the organization)

Network Analysis: Perform network analysis tasks such as create drive-time areas

Spatial Analysis: Perform spatial analysis tasks such as create buffers

GeoEnrichment: Use GeoEnrichment to enrich features

Demographics: Use premium demographic map layers

Elevation Analysis: Perform elevation analysis tasks on elevation data

Features

Edit: Edit features based on permissions set on the layer

Edit with full control: Edit features with full control on editable hosted feature layers

Open Data

Manage Open Data site(s)

Administrative privileges

The privileges listed below allow custom roles to assist the default administrators with managing members, groups, and content in the organization. These custom administrative roles do not include the full set of privileges reserved for default administrators—that is, those assigned the Administrator role.

Administrative privileges

Members

View all: View all member account information

Update: Update member account information

Invite: Invite members to the organization

Disable: Disable members from the organization

Change roles: Change roles of members

Note:

Only default administrators can change the role to and from the Administrator role.

Manage licenses: Manage licenses for members

Groups

View all: View group owned by members

Update: Update group owned by members

Delete: Delete group owned by members

Reassign ownership: Reassign ownership of groups

Assign members: Assign members to groups and remove members from groups

Content

View all: View content owned by members

Update: Update content owned by members

Delete: Delete content owned by members

Reassign ownership: Reassign ownership of content

ArcGIS Marketplace subscriptions

Request purchase information: Request purchase information in ArcGIS Marketplace

Start trials: Start trials in ArcGIS Marketplace

Privileges for common workflows

Some workflows require a combination of privileges. If you cannot perform a function that you think your role should allow you to perform, verify that your administrator has enabled the full set of privileges required for the function.

WorkflowRequired privileges

Use the analysis tools

  • Create content
  • Publish hosted feature layers
  • Use spatial analysis
Note:

Some tools require privileges to use GeoEnrichment or network analysis.

Publish hosted feature layers

  • Create content
  • Publish hosted feature layers
  • Use geocoding (to publish CSV files with addresses)

Publish hosted tile layers

  • Create content
  • Publish hosted tile layers

Publish hosted scene layers

  • Create content
  • Publish hosted feature layers
  • Publish hosted scene layers

Publish hosted elevation layers

  • Create content
  • Publish hosted tile layers

Publish apps from the map viewer or group page

  • Create content
  • Share items (with groups, organization, or public)

Embed maps or groups

  • Create content
  • Share items with public

Manage content owned by members

  • View all member account information
  • View content
  • Update content
  • Delete content
  • Reassign content

Manage groups owned by members

  • View all member account information
  • View group
  • Update group
  • Delete group
  • Reassign group
  • Add member to group

Manage member profiles

  • View all member account information
  • Update member account information

Make groups available to open data sites

  • Make groups visible to public
  • Make groups available to open data sites

View subscription status

  • View all member account info
  • View all content
  • View all groups

Add, update, and delete features in hosted feature layers that have editing enabled for add or update only

  • Edit features
  • Edit with full control