Organization roles

A role defines the privileges that a member has within the organization. ArcGIS defines a set of privileges for the user, publisher, and administrator roles. In addition, organizations can define privileges at a more detailed level by creating and assigning custom roles.

  • Users—See a customized view of the site, use the organization's maps, apps, layers, and tools, and join groups owned by the organization. Users can also create maps and apps, add items, share content, and create groups.
  • Publishers—User privileges plus the ability to publish features and map tiles as hosted web layers. They can also perform analysis on layers in maps.
  • Administrators—User and publisher privileges plus privileges to manage the organization and other users. An organization must have at least one administrator. However, there are no limits on how many roles can be assigned within an organization. For example, if an organization has five members, all five members can be administrators.
  • Custom—A specific set of privileges defined by the administrator. For example, you might have access to maps and apps but cannot create groups. Or you might have privileges to publish features but not tiles. Check with your administrator for the specific privileges in your organization's custom roles.

Role privileges

Privilege

User

Publisher

Administrator

Custom

Use maps and apps

YesYesYesYes

Use subscriber content

YesYesYesYes

Use premium content

YesYesYes

Optional

Create content

YesYesYes

Optional

Share maps and apps

YesYesYes

Optional

Join and create groups

YesYesYes

Optional

Edit features

YesYesYes

Optional

Publish hosted web layers

YesYes

Optional

Perform analysis

YesYes

Optional

Manage Open Data sites

Yes

Optional

Invite users to organization

Yes

Optional

Manage organization resources

Yes

Optional

View subscription status

Yes

Optional

Configure website

Yes

Create custom roles

Yes

ArcGIS Marketplace provider (requires organization authorization)

Yes

Custom roles

Organizations might want to refine the standard roles into a more fine-grained set of privileges. For example, members who work with the organization's private maps and apps but do not have a need to create content can be added to the organization in a custom-defined viewer role. In addition, some administrative tasks such as inviting users or managing content can be designated to members through a custom role. There may be cases where members need to have the default administrator role instead of a custom role. For example, only default administrators can configure the website and create custom roles. Administrators configure custom roles based on any combination of the general and administrative privileges listed below. If you have a custom role, check with your administrator for the specific privileges it has.

General privileges

Members who perform specific tasks within the organization—create maps or edit features, for example—can have custom roles that give them the general privileges they need to work and share with groups, content, and features.

  • Create, update, and delete groups.
  • Join organizational groups.
  • Join external groups.
  • Create, update, and delete content.
  • Publish hosted feature layers.
  • Publish hosted tile layers.
  • Publish hosted scene layers.
  • Share with groups.
  • Share with organization.
  • Share with public.
  • Make groups visible to organization.
  • Make groups visible to public.
  • Make groups available to open data sites.
  • Use Esri World Geocoder to convert addresses to map points (geocoding) such as when publishing a CSV file of addresses as hosted feature layers or adding a CSV file of addresses to a map. Does not apply to custom geocoders configured for the organization.
  • Perform network analysis tasks such as create drive-time areas.
  • Perform spatial analysis tasks such as create buffers.
  • Use GeoEnrichment to enrich features.
  • Use premium demographic map layers.
  • Perform elevation analysis tasks on elevation data.
  • Edit features based on permissions set on the layer.
  • Edit features with full control on editable hosted feature layers.
  • Manage open data sites.

Administrative privileges

The privileges listed below allow custom roles to assist the default administrators with managing members, groups, and content in the organization. These custom administrative roles do not contain the full set of privileges of the default administrator role.

  • View all member account info.
  • Update member account info.
  • Delete members from the organization (only default administrators can delete other default administrators).
  • Invite members to the organization.
  • Disable members from the organization.
  • Change roles of members (only default administrators can change the role to and from the default administrator role).
  • Manage licenses for members.
  • View group owned by members.
  • Update group owned by members.
  • Delete group owned by members.
  • Reassign ownership of groups.
  • Assign members to groups and remove members from groups.
  • View content owned by members.
  • Update content owned by members.
  • Delete content owned by members.
  • Reassign ownership of content.
  • Request purchase information in ArcGIS Marketplace.
  • Start trials in ArcGIS Marketplace.

Privileges for common workflows

Some workflows require a combination of privileges. If you cannot perform a function that you think your role should be able to do, verify that your administrator has enabled the full set of required privileges.

In order to...

You need privileges to....

Use the analysis tools

Create content, publish hosted feature layers, and use spatial analysis. Some tools require privileges to use GeoEnrichment or network analysis.

Publish hosted feature layers

Create content, publish hosted feature layers, and use geocoding (to publish CSV files with addresses).

Publish hosted tile layers

Create content and publish hosted tile layers.

Publish hosted scene layers

Create content, publish hosted feature layers, and publish hosted scene layers.

Publish apps from the map viewer or group page

Create content and share items (with groups, organization, or public).

Embed maps or groups

Create content and share items with public.

Manage content owned by members

View all member account info; view content, update content, delete content, and reassign content.

Manage groups owned by members

View all member account info; view group, update group, reassign group, delete group, and add member to group.

Manage member profiles

View all member account info and update member account info.

Make groups available to open data sites

Make groups visible to public and make groups available to open data sites.

View subscription status

View all member account info, view all content, and view all groups.

Add, update, and delete features in hosted feature layers that have editing enabled for add or update only

Edit features and edit with full control.

Reserved privileges

The privileges listed below are reserved for the default administrator.

  • Configure website.
  • Configure custom roles.
  • Set up enterprise logins.
  • Manage credit budgets.
  • Enable and disable Esri access on member accounts.
  • Disable multifactor authentication on member accounts.
  • Change member role to or from administrator.
  • Remove other administrators from the organization.
  • Move member content to different folders within the member's My Content page.
  • Share content with public when organization does not allow members to share outside the organization.
  • Create and own groups that allow members to update all items in the group.