User types, roles, and privileges

Organizations can use, create, and share a wide range of geographic content, including maps, scenes, apps, and layers. The ability of individual organization members to access and work with content in different ways depends on the privileges they have in the organization. User types allow organizations to control the scope of privileges that can be assigned to members through roles.

User types

Organizations assign user types to members based on the members' needs and requirements. Members are assigned a user type when they are invited to the organization. The user type determines the privileges that can be granted to the member through a default or custom role. Each user type also includes access to specific apps.

The following user types are offered:

  • ViewerViewers can view items that are shared with them by other ArcGIS users and have access to a selection of apps. This user type is ideal for members of an organization who need to view ArcGIS content in a secure environment. Viewers can’t create, edit, share, or perform analysis on items or data.
  • EditorEditors can view and edit data in ArcGIS maps and apps that are shared with them by other ArcGIS users. This user type is ideal for users who need to access and edit data that is shared with them and includes access to a selection of apps. The Editor user type can also be used with custom editing applications created by customers or by Esri business partners. Editors can’t analyze, create, or share items or data.
  • Mobile WorkerMobile Workers can view and edit data that has been shared with them by other ArcGIS users and have access to a selection of apps. This user type is ideal for users who primarily interact with ArcGIS content through field apps. It allows mobile users to view and edit data directly in ArcGIS Online or in field apps, share their location and record location tracks, and collect and edit data in the field. Mobile Workers can’t analyze, create, or share items or data.
  • CreatorCreators can create and edit content such as maps and apps, perform spatial analysis using the analysis tools in ArcGIS Online, collect data, and collaborate and share content for use in apps. Creators have access to a selection of apps, can view content created by other organization members, and administer users and content in the organization. The Creator user type is a good choice for GIS specialists, asset managers, data journalists, and other content creators and collaborators.
  • GIS ProfessionalGIS Professionals can build advanced 2D and 3D maps, visualizations, and analyses using ArcGIS Pro (Basic, Standard, or Advanced), as well as use ArcGIS Online to create, edit, and collaborate and share content for use in apps. GIS Professionals can also administer users and content in the organization. This user type is a good choice for GIS analysts, geodevelopers, cartographers, and other GIS professionals. The GIS Professional user type can be assigned at the following three levels, which correspond to the three license levels of ArcGIS Pro:
    • GIS Professional Basic—The GIS Professional Basic user type includes ArcGIS Pro Basic, which provides the tools and environment for map creation and interactive visualization.
    • GIS Professional Standard—The GIS Professional Standard user type includes ArcGIS Pro Standard, which provides the tools and environment for map creation, interactive visualization, multiuser editing, and advanced data management.
    • GIS Professional Advanced—The GIS Professional Advanced user type includes ArcGIS Pro Advanced, which provides the tools and environment for map creation, interactive visualization, multiuser editing, advanced data management, advanced analysis, high-end cartography, and extensive database management.
  • Insights AnalystInsights Analysts have all the capabilities required to use ArcGIS Insights, including creating and sharing content and performing analysis. This user type includes an Insights license. It's designed for those who primarily use Insights in their day-to-day tasks and may need to perform administrative tasks in the organization, but who don't need to access other ArcGIS apps. To learn more about this user type, see Licensing in the Insights documentation.
  • Storyteller—The Storyteller user type allows users to create stories using ArcGIS StoryMaps. Storytellers can sign in to ArcGIS StoryMaps and create stories using content such as maps, scenes, and apps created and shared by other members of their organization. Storytellers can also create embedded maps on the fly using express maps when creating stories. This user type includes an ArcGIS StoryMaps license.
Note:

Apps that are not included with an assigned user type can be licensed and assigned as needed to specific members as add-on licenses. For example, ArcGIS Business Analyst and ArcGIS Insights can be purchased and assigned to members who have been granted the Creator or GIS Professional user types.

User type examples

The following examples illustrate how user types can be applied in an organization:

  • A content creator assigned a Creator user type creates and shares a site selection app with a group of users in their organization. This app allows users to select a specific site and view attribute information about the site that should only be available to employees. A member assigned a Viewer user type can join the group and view and interact with the app.
  • A data editor assigned the Editor user type uses the Crowdsource Manager configurable app to review and clean up data submitted by the public. The data editor can view and update the public data entries to prepare them for publication and analysis.
  • A GIS specialist in a forestry organization is tasked with creating a tree inventory map for forestry technicians to use. The GIS specialist is assigned a GIS Professional Basic user type, which allows her to create complex data models, including subtypes and domains, using ArcGIS Pro. She then publishes the data to ArcGIS Online and creates a web map for forestry technicians to use in ArcGIS Field Maps. Once the map is created, the GIS specialist can test the functionality in ArcGIS Field Maps and share the web map with the appropriate group. Each forestry technician is given an ArcGIS member account and assigned a Mobile Worker user type so they can sign in to Field Maps, find their web maps, and edit the data as needed.

Roles

A role defines the set of privileges assigned to a member. Privileges are assigned to members through a default role or a custom role. Members are assigned a role when they are invited to the organization.

If you're not sure what role you were assigned or if you need more information about your role, click the Role Information button Role Information in the Role section of your profile.

Note:

Once a member joins, their role can be changed by administrators and those with privileges to change member roles. Changing roles to or from administrator can be done only by administrators.

Default roles

ArcGIS Online defines a set of privileges for the following default roles:

Note:

A member's user type determines the default roles that can be assigned to them. User types compatible with each role are noted below.

  • Viewer—View items such as maps, apps, demographics, and elevation analysis layers that have been shared with the member. Join groups owned by the organization. Use geocoding, geosearch, and network analysis (routing and directions). Members assigned the Viewer role cannot create or share content, or perform analysis or data enrichment. The Viewer role is compatible with all user types.
  • Data Editor—Viewer privileges plus the ability to edit features shared by other ArcGIS users. The Data Editor role is compatible with all user types except Viewer.
  • User—Data Editor privileges plus the ability to create groups and content; use the organization's maps, apps, layers, and tools; and join groups owned by the organization. Members assigned the User role can also create maps and apps, edit features, add items, share content, and create groups. The User role is compatible with the Creator, GIS Professional, Storyteller, and Insights Analyst user types.
  • Publisher—User privileges plus the ability to publish features and map tiles as hosted web layers. Members assigned the Publisher role can also perform analysis on layers in maps. The Publisher role is compatible with the Creator, GIS Professional, Storyteller, and Insights Analyst user types.
  • Facilitator—Publisher privileges plus the ability to invite partnered collaboration members to groups. This includes the privilege to create and manage partnered collaboration groups, invite members from another organization into groups, and create shared update groups.
  • Administrator—Publisher privileges plus privileges to manage the organization and other users. An organization must have at least one administrator. However, there is no limit to the number of Administrator roles that can be assigned within an organization. It is recommended that an organization have at least two administrators, while restricting this role to those who require the additional privileges associated with it. The Administrator role is compatible with the Creator, GIS Professional, Storyteller, and Insights Analyst user types.
Tip:

Although the default Viewer and Data Editor roles do not support joining groups owned by outside organizations, a member can be granted the Join external groups privilege through a custom role created based on either of these default roles.

Custom roles

You may want to refine the default roles in your organization into a more fine-grained set of privileges by creating custom roles. For example, your organization may want to assign some members the same privileges as a default Publisher but without allowing them to use GeoEnrichment. This could be achieved by creating a custom role based on the default Publisher role, turning off the GeoEnrichment privilege, and calling the custom role Publisher without GeoEnrichment or something similar.

Only default administrators, or those assigned a custom administrator role with the Member roles privilege, can create and modify custom roles. These administrators can configure custom roles based on any combination of available general and administrative privileges. Once a custom role has been created, any organization member who has the Change roles privilege can assign the role to members. If you have a custom role, you can get information about the privileges it includes by clicking the Role Information button in your profile.

You have the ability to create custom roles that include administrative privileges to manage your organization settings. This allows administrators to delegate a specific set of administrative tasks to users without giving them the full set of privileges in the default administrator role. For example, a user with a custom role that includes the Organization website privilege will have the ability to manage the organization's website settings without the ability to perform other administrative tasks, such as managing security or credits.

The privileges that can be granted to a member through a custom role cannot exceed those associated with the member's assigned user type. For example, a member with a Viewer user type cannot be assigned a role with editing privileges.

Privileges

Privileges allow organization members to perform different tasks and workflows in an organization. For example, some members have privileges to create and publish content, while others have privileges to view content but cannot create their own.

General privileges

Members who perform specific tasks within the organization—create maps or edit features, for example—can be assigned the general privileges they need to work and share with groups, content, and features.

The following table lists privileges, grouped by privilege type, and provides a description of each privilege. The table also lists which default roles include the privilege.

In addition to these privileges that you can grant to custom roles and that are included with default roles, all users can use geosearch and use subscriber content regardless of their role.

General privilegesDefault roles that include the privilege

Members

View

Allows members to view the Members tab of the organization page. Without this privilege, members cannot see the organization page.

User, Publisher, Facilitator, Administrator

Groups

Create, update, and delete

Allows members to create groups in the organization and control the groups they own.

User, Publisher, Facilitator, Administrator

Join organizational groups

Allows members to be added to or request to join groups in the organization. Members can only request to join organizational groups if they also have the privilege to view groups shared with the organization. Without the privilege to view groups shared with the organization, members do not see the groups and, therefore, cannot request to join them.

All default roles

Join external groups

Allows members to be added to or request to join groups external to your organization. Members can only request to join external groups if they also have the privilege to view groups shared with the organization. Without the privilege to view groups shared with the organization, members do not see the groups and, therefore, cannot request to join them.

User, Publisher, Facilitator, Administrator

View groups shared with organization

Allows members to discover and view groups that are configured to allow organization members to view them.

User, Publisher, Facilitator, Administrator

Invite partnered organization members

Allows members to create groups that include members from partnered organizations, as well as invite members of partnered organizations to groups.

User, Publisher, Facilitator, Administrator

Add members from other organizations

Allows members to create groups that include members from other organizations, as well as invite members of other organizations to groups.

User, Publisher, Facilitator, Administrator

Content

Create, update, and delete

Allows members to create items in the organization and control items they own.

User, Publisher, Facilitator, Administrator

Publish hosted feature layers

Allows members to publish hosted feature layers from shapefiles, CSVs, and so on.

Publisher, Facilitator, Administrator

Publish hosted tile layers

Allows members to publish hosted tile layers from tile packages, features, and so on.

Publisher, Facilitator, Administrator

Publish hosted scene layers

Allows members to publish hosted scene layers.

Publisher, Facilitator, Administrator

Publish hosted tiled imagery layers

Allows members to publish hosted tiled imagery layers from a single image or collection of images, and allows members to export a tile package from a hosted tiled imagery layer.

Note:

This privilege requires an ArcGIS Image for ArcGIS Online user type extension license.

Publisher, Facilitator, Administrator

Publish hosted dynamic imagery layers

Allows members to publish hosted dynamic imagery layers from a single image or collection of images.

Note:

This privilege requires an ArcGIS Image for ArcGIS Online user type extension license.

Publisher, Facilitator, Administrator

View content shared with the organization

Allows members to view content shared with the organization.

All default roles

Create and edit notebooks

Allows members to create and edit interactive notebooks.

Publisher, Facilitator, Administrator

Schedule notebooks

Allows members to schedule future automated runs of a notebook.

Publisher, Facilitator, Administrator

View location tracks

Allows members to view members' location tracks using shared track views when location sharing is enabled.

Administrator

Publish feeds

Allows members to publish feeds to ingest and display real-time data using ArcGIS Velocity.

Note:

This privilege is only visible if your organization has ArcGIS Velocity licenses.

Publisher, Facilitator, Administrator

Publish real-time analytics

Allows members to publish real-time analytics to analyze and process real-time data using ArcGIS Velocity.

Note:

This privilege is only visible if your organization has ArcGIS Velocity licenses.

Publisher, Facilitator, Administrator

Publish big data analytics

Allows members to publish big data analytics to analyze historical observation data using ArcGIS Velocity.

Note:

This privilege is only visible if your organization has ArcGIS Velocity licenses.

Publisher, Facilitator, Administrator

Reassign content

Allows members to transfer ownership of content they own to another member in the same organization. The member to whom ownership is transferred must have the privilege to receive content.

Administrator

Receive content

Allows members to receive content transferred to them from members who have the privilege to reassign content.

This privilege is not required to receive content transferred by organization administrators.

Administrator

Sharing

Share with groups

Allows members to share items they own with groups to which they belong.

User, Publisher, Facilitator, Administrator

Share with organization

Allows members to share items they own with your organization.

User, Publisher, Facilitator, Administrator

Share with public

Allows members to share items they own with the public, including those who are not signed in.

Note:

This privilege is only visible when the Members can share content publicly setting is enabled for the organization.

User, Publisher, Facilitator, Administrator

Make groups visible to organization

Allows members to make groups discoverable by your organization.

User, Publisher, Facilitator, Administrator

Make groups visible to public

Allows members to make groups discoverable by the public, including those who are not signed in.

User, Publisher, Facilitator, Administrator

Make groups available to Open Data

Allows members to designate groups as being available for use in Open Data sites.

User, Publisher, Facilitator, Administrator

Premium Content

Geocoding

Allows members to use ArcGIS World Geocoding Service (or a view of this locator) to convert addresses or places to map points and store the results—for example, when publishing spreadsheets (CSV or Microsoft Excel files) as hosted feature layers. This does not apply to your own locators configured for the organization.

All default roles

Network Analysis

Allows members to perform network analysis tasks such as routing and drive-time areas.

All default roles

Spatial Analysis

Allows members to perform spatial analysis tasks such as creating buffers.

User, Publisher, Facilitator, Administrator

GeoEnrichment

Allows members to use GeoEnrichment to enrich features.

User, Publisher, Facilitator, Administrator

Demographics

Allows members to use premium demographic data.

All default roles

Imagery Analysis

Allows members to perform imagery and raster analysis tasks such as calculating slope. Requires an ArcGIS Image for ArcGIS Online user type extension license.

Publisher, Facilitator, Administrator

Advanced notebooks

Allows members to import and use ArcPy modules in ArcGIS Notebooks.

Publisher, Facilitator, Administrator

Feature report

Allows members to create feature reports in ArcGIS Survey123.

User, Publisher, Facilitator, Administrator

Features

Edit

Allows members to edit features in editable layers that are not public, based on the edit options enabled on the layer.

Data Editor, User, Publisher, Facilitator, Administrator

Edit with full control

Allows members to add, delete, and update features and attributes in editable hosted feature layers, regardless of the editing operations enabled on the layer.

Administrator

Administrative privileges

The privileges listed below can be assigned to custom roles to allow role members to assist the default administrators with managing members, groups, and content in the organization.

The default administrator role includes all the privileges listed below.

Administrative privileges

Members

View all

Allows members to view all member account information.

Update

Allows members to reset passwords, update member account information, and assign (and unassign) member categories.

Note:

Only default administrators can reset the passwords of other default administrators.

Delete

Allows members to delete member accounts.

Invite

Allows members to invite members to the organization.

Disable

Allows members to disable and enable member accounts.

Change roles

Allows members to change roles assigned to organization members.

Note:

Only default administrators can change the role to and from the default administrator role.

Manage licenses

Allows members to manage licenses for members.

Manage categories

Allows members to configure member categories for the organization.

Groups

View all

Allows members to view groups owned by members.

Update

Allows members to update groups owned by members.

Delete

Allows members to delete groups owned by members.

Reassign ownership

Allows members to reassign ownership of groups.

Assign members

Allows members to assign members to groups, remove members from groups, and update members' group roles in your organization.

Link to organization-specific group

Allows members to link ArcGIS Online group membership to organization-specific groups.

Create with update capabilities

Allows members to create and own groups that allow group members to update all items in the group (shared update groups).

Content

View all

Allows members to view content owned by members.

Update

Allows members to update and categorize content owned by members.

Delete

Allows members to delete content owned by members.

Reassign ownership

Allows members to reassign ownership of content.

Manage categories

Allows members to configure content categories for the organization.

ArcGIS Marketplace subscriptions

Create and manage

Allows members to create listings, list items, and manage subscriptions within ArcGIS Marketplace, and manage purchasers and contact information for your organization.

Note:
Use of this privilege depends on your organization obtaining listing and publishing access to ArcGIS Marketplace.

Purchase and get free products:

Members can send purchase requests and access free products from providers in ArcGIS Marketplace.

Note:

To allow members to purchase products using credit cards, you must designate them as ArcGIS Marketplace purchasers.

Start trials

Allows members to start trials in ArcGIS Marketplace.

Organization settings

Security and infrastructure: Manage the organization's security settings

Allows members to configure the following in the organization settings:

  • General: Organization verification, Short name, Administrative contacts, Esri User Experience Improvement Program
  • Items: Comments
  • New member defaults: User type, Role, Add-on licenses, Groups, Credits, Esri access
  • Security: Policies, Sharing and searching, Multifactor authentication, Password policy, Logins, Access notice, Information banner, Trusted servers, Allow origins, Allow portal access

Organization website: Manage the organization's website settings

Allows members to configure the following in the organization settings:

  • General: Organization profile (Name, Logo, Summary), Organization verification, Contact link, Organization defaults (Region, Language, Short name), Administrative contacts, Esri User Experience Improvement Program, Shared theme, App launcher
  • Home Page: Header, Content blocks, Footer, Colors, and Typography
  • Gallery: Show in gallery
  • Map: Primary map viewer, Basemap gallery, Map defaults (Default basemap, Default extent, Units), Bing Maps, ArcGIS Configurable Apps, Web styles, Analysis layers
  • Items: Metadata, Organization categories
  • Groups: Featured groups, ArcGIS Configurable Apps
  • Open Data:Open Data site

Collaborations

Allows members to configure and manage the organization's collaborations in the organization settings.

Credits

Allows members to configure credits in the organization settings and enable credit budgeting.

Member roles

Allows members to configure member roles in the organization settings and change member roles.

Utility services: Manage the organization's utility service settings

Allows members to configure the following in the organization settings:

Privileges reserved for default administrators

Certain administrative privileges are reserved for members of the default administrator role and are not available for custom roles. For example, only default administrators can remove other administrators from the organization. The following is a list of privileges reserved for default administrators:

  • Create and manage administrative reports
  • Disable multifactor authentication on member accounts
  • Enable and disable Esri access on member accounts
  • Change member role to or from administrator
  • Delete other administrators from the organization
  • Change member email addresses for ArcGIS organizational accounts
  • Reset the passwords of other default administrators
  • Share organization content with the public when site settings don't allow members to share outside the organization
  • Create and own administrative groups

Privileges for common workflows

Some workflows require a combination of privileges. In some cases, members are responsible for performing multiple workflows. For example, a GIS analyst may need to use certain analysis tools as well as publish hosted feature layers, which require the privileges listed in the table below for the Use the analysis tools and Publish hosted feature and WFS layers workflows. If you are unable to perform a function that you think your role should allow you to perform, verify that your administrator has enabled the full set of privileges required for the function.

General workflows

Workflow Required privileges

Use the analysis tools

  • Content: Create, update, and delete
  • Content: Publish hosted feature layers
  • Premium Content: Spatial Analysis
Note:

Some tools require the following additional privileges:

  • Premium Content: GeoEnrichment
  • Premium Content: Network Analysis
  • Premium Content: Imagery Analysis

Publish hosted feature and WFS layers

  • Content: Create, update, and delete
  • Content: Publish hosted feature layers

Publish hosted tile layers

  • Content: Create, update, and delete
  • Content: Publish hosted tile layers

Publish hosted scene layers

  • Content: Create, update, and delete
  • Content: Publish hosted feature layers
  • Content: Publish hosted scene layers

Publish hosted elevation layers

  • Content: Create, update, and delete
  • Content: Publish hosted tile layers

Publish hosted imagery layers

  • Content: Create, update, and delete
  • Content: Publish hosted tiled imagery layers
  • Content: Publish hosted dynamic imagery layers

Publish apps from Map Viewer, Map Viewer Classic, or a group page

  • Content: Create, update, and delete
  • Sharing: Share with groups
  • Sharing: Share with organization
  • Sharing: Share with public

Embed maps or groups

  • Content: Create, update, and delete
  • Sharing: Share with public

Make groups available to Open Data sites

  • Sharing: Make groups visible to public
  • Sharing: Make groups available to Open Data

Reassign ownership of your items to another member

  • Members: View
  • Content: Create, update, and delete
  • Content: Reassign content
Note:

Only members who have the privilege to receive content can become owners of your reassigned content.

Add, update, and delete features in hosted feature layers that have editing enabled for add or update only

  • Features: Edit
  • Features: Edit with full control

Administrative workflows

WorkflowRequired privileges

Manage content owned by members

  • Members: View all
  • Content: View all
  • Content: Update
  • Content: Delete
  • Content: Reassign ownership

Manage groups owned by members

  • Members: View all
  • Groups: View all
  • Groups: Update
  • Groups: Delete
  • Groups: Reassign ownership
  • Groups: Assign members

Manage member profiles

  • Members: View all
  • Members: Update

View subscription status reports

  • Members: View all
  • Content: View all
  • Groups: View all

Manage the organization's security settings

  • Members: View
  • Groups: View groups shared with organization
  • Members: View all
  • Groups: View all
  • Organization Settings: Security and infrastructure

Manage the organization's website settings

  • Members: View
  • Groups: Create, update, and delete
  • Groups: View groups shared with organization
  • Content: Create, update, and delete
  • Content: View content shared with the organization
  • Sharing: Share with groups
  • Sharing: Share with organization
  • Sharing: Share with public
  • Sharing: Make groups visible to organization
  • Sharing: Make groups visible to public
  • Members: View all
  • Groups: View all
  • Groups: Update
  • Content: View all
  • Content: Update
  • Content: Manage categories
  • Organization Settings: Organization website

Manage the organization's collaborations

  • Members: View
  • Groups: Create, update, and delete
  • Groups: View groups shared with organization
  • Content: Create, update, and delete
  • Content: Publish hosted feature layers
  • Content: View content shared with organization
  • Sharing: Share with groups
  • Members: View all
  • Groups: View all
  • Groups: Update
  • Content: View all
  • Content: Update
  • Content: Delete
  • Organization Settings: Collaborations

Manage the organization's credit settings

  • Members: View
  • Members: View all
  • Members: Update
  • Organization Settings: Credits

Manage the organization's member roles

  • Members: View
  • Members: View all
  • Members: Change roles
  • Organization Settings: Member roles

Change a member's user type

  • Members: View
  • Members: View all
  • Members: Update
  • Members: Change roles
  • Members: Manage licenses

Manage the organization's utility service settings

  • Members: View
  • Content: Create, update, and delete
  • Content: Publish hosted feature layers
  • Organization Settings: Utility services