Member roles

A role defines the set of privileges assigned to a member. Privileges are assigned to members through a default role or a custom role. Members are assigned a role when they are invited to the organization.

If you're not sure what role you were assigned or if you need more information about your role, click the Role Information button Role Information in the Role section of your profile.


Once a member joins, their role can be changed by administrators and those with privileges to change member roles. Changing roles to or from administrator can be done only by administrators.

Default roles

ArcGIS Online defines a set of privileges for the following default roles:


A member's user type determines the default roles that can be assigned to them. User types compatible with each role are noted below.

  • Viewer—View items such as maps, apps, demographics, and elevation analysis layers that have been shared by other ArcGIS users. Those assigned the Viewer role can join groups owned by the organization, as well as use geocoding, geosearch, and network analysis (routing and directions). Members assigned the Viewer role cannot create or share content or perform analysis or data enrichment. The Viewer role is compatible with all user types.
  • Data Editor—Viewer privileges plus the ability to edit features shared by other ArcGIS users. The Data Editor role is compatible with all user types except Viewer.
  • User—Data Editor privileges plus the ability to create groups and content. Users can use the organization's maps, apps, layers, and tools, and join groups that allow members to update all items in the group. Members assigned the User role can also create maps and apps, edit features, add items, share content, and create groups. The User role is compatible with the Creator and GIS Professional user types.
  • Publisher—User privileges plus the ability to publish features and map tiles as hosted web layers. Members assigned the Publisher role can also perform analysis on layers in maps. The Publisher role is compatible with the Creator and GIS Professional user types.
  • Facilitator—Publisher privileges plus the ability to invite partnered collaboration members to groups. This includes the privilege to create and manage partnered collaboration groups, invite members from another organization into groups, and create shared update groups.
  • Administrator—Publisher privileges plus privileges to manage the organization and other users. An organization must have at least one administrator. However, there is no limit to the number of Administrator roles that can be assigned within an organization. It is recommended that an organization have at least two administrators, while restricting this role to those who require the additional privileges associated with it. The Administrator role is compatible with the Creator and GIS Professional user types.


Although the default Viewer and Data Editor roles do not support joining groups owned by outside organizations, a member can be granted the Join external groups privilege through a custom role created based on either of these default roles.

Custom roles

You may want to refine the default roles in your organization into a more fine-grained set of privileges by creating custom roles. For example, your organization may want to assign some members the same privileges as a default Publisher but without allowing them to use GeoEnrichment. This could be achieved by creating a custom role based on the default Publisher role, turning off the GeoEnrichment privilege, and naming the custom role to reflect what privileges it confers; for example, you could name this role Publisher without GeoEnrichment or something similar.

Only members of the default administrator role, or those assigned a custom administrator role with the Member roles privilege, can create and modify custom roles. These administrators can configure custom roles based on any combination of available general and administrative privileges. To help create a custom role, administrators can use one of the available predefined templates containing privileges for common workflows, such as curating data or authoring content. The templates can be used as configured or can be customized as needed by adding or removing privileges. Once a custom role has been created, any organization member who has the Change roles privilege can assign the role to members.

When you create a custom role, privileges that are dependent on one another are enabled by default. For example, to publish a hosted feature layer, role members must also have the privilege to create, update, and delete content. If you disable either of those privileges, members of the role cannot publish a hosted feature layer. See Privileges for common workflows for a list of dependent privileges required for members to complete specific tasks.

You can create custom roles that include administrative privileges to manage your organization settings. This allows administrators to delegate a specific set of administrative tasks to users without giving them the full set of privileges in the default administrator role. For example, a user with a custom role that includes the Organization website privilege will have the ability to manage the organization's website settings without the ability to perform other administrative tasks, such as managing security or credits.

The privileges that can be granted to a member through a custom role cannot exceed those associated with the member's assigned user type. For example, a member with a Viewer user type cannot be assigned a role with editing privileges.


If you are a member of a custom role, you can get information about the privileges it includes by clicking the Role Information button in your profile.