Skip To Content

User types, roles, and privileges

Organizations can use, create, and share a wide range of geographic content, including maps, scenes, apps, and layers. The ability of individual organization members to access and work with content in different ways depends on the privileges they have in the organization. User types allow organizations to control the scope of privileges that can be assigned to members through roles.

User types

Organizations assign user types to members based on the members' needs and requirements. Members are assigned a user type when they are invited to the organization. The user type determines the privileges that can be granted to the member through a default or custom role. Each user type also includes access to specific apps and app bundles.

The following user types are offered:

  • ViewerViewers can view items that are shared with them by other ArcGIS users. This user type is ideal for members of an organization who need to view ArcGIS content in a secure environment. Viewers can’t create, edit, share, or perform analysis on items or data. This user type includes the Essential Apps Bundle.
  • EditorEditors can view and edit data in ArcGIS maps and apps that are shared with them by other ArcGIS users. This user type is ideal for users who need to access and edit data that is shared with them, using ArcGIS web apps such as Web AppBuilder for ArcGIS and configurable apps. The Editor user type can also be used with custom editing applications created by customers or by Esri business partners. Editors can’t analyze, create, or share items or data. This user type includes the Essential Apps Bundle.
  • Field WorkerField Workers can view and edit data that has been shared with them by other ArcGIS users. Ideal for users who primarily interact with ArcGIS content through Esri field apps, this user type allows users in the field to view and edit data using any of the apps included in the Field Apps Bundle (Collector for ArcGIS, Survey123 for ArcGIS, and Workforce for ArcGIS) and directly through ArcGIS Online. Field Workers can’t analyze, create, or share items or data. This user type includes the Essential Apps and Field Apps bundles.
  • CreatorCreators have all the capabilities of the Viewer, Editor, and Field Worker user types, plus the ability to create content, administer the organization, and share content for use in Essential Apps, Field Apps, and Office Apps. The Creator user type is designed for those who need to create web maps and apps, perform in-depth spatial analysis using the analysis tools in ArcGIS Online, and work with data using field apps such as Collector for ArcGIS. This user type includes the Essential Apps, Field Apps, and Office Apps bundles.
  • GIS ProfessionalGIS Professionals have all the capabilities and app bundles of the Creator, plus access to ArcGIS Pro (Basic, Standard, or Advanced). This user type is designed for those who need the full suite of GIS apps to perform their work—that is, create web maps and apps, perform in-depth spatial analysis using analysis tools, and leverage the advanced tools of ArcGIS Pro. The GIS Professional user type can be assigned at the following three levels, which correspond to the three license levels of ArcGIS Pro:
    • GIS Professional Basic—The GIS Professional Basic user type includes ArcGIS Pro Basic, which provides the tools and environment for map creation and interactive visualization.
    • GIS Professional Standard—The GIS Professional Standard user type includes ArcGIS Pro Standard, which provides the tools and environment for map creation, interactive visualization, multiuser editing, and advanced data management.
    • GIS Professional Advanced—The GIS Professional Advanced user type includes ArcGIS Pro Advanced, which provides the tools and environment for map creation, interactive visualization, multiuser editing, advanced data management, advanced analysis, high-end cartography, and extensive database management.

    All levels of the GIS Professional user type include access to apps in all of the app bundles in addition to ArcGIS Pro. This user type does not include access to ArcMap and other ArcGIS Desktop products.

  • Insights AnalystInsights Analysts have all the capabilities required to use Insights for ArcGIS, including creating and sharing content and performing analysis. This user type includes an Insights license. It's designed for those who primarily use Insights in their day-to-day tasks and may need to perform administrative tasks in the organization, but who don't need to access other ArcGIS apps. To learn more about this user type, see About licensing in the Insights documentation.
Note:

Apps that are not included with an assigned user type can be licensed and assigned as needed to specific members as add-on licenses. For example, ArcGIS Business Analyst and Insights for ArcGIS can be purchased and assigned to members who have been granted the Creator or GIS Professional user types.

User type examples

The following examples illustrate how user types can be applied in an organization:

  • A content creator assigned a Creator user type creates and shares a site selection app with a group of users in their organization. This app allows users to select a specific site and view attribute information about the site that should only be available to employees. A member assigned a Viewer user type can join the group and view and interact with the app.
  • A data editor assigned the Editor user type uses the Crowdsource Manager configurable app to review and clean up data submitted by the public. The data editor can view and update the public data entries to prepare them for publication and analysis.
  • A GIS specialist in a forestry organization is tasked with creating a tree inventory map for forestry technicians to use. The GIS specialist is assigned a GIS Professional Basic user type, which allows her to create complex data models, including subtypes and domains, using ArcGIS Pro. She then publishes the data to ArcGIS Online and creates a web map for forestry technicians to use in Collector for ArcGIS. Once the map is created, the GIS specialist can test the functionality in Collector and share the web map with the appropriate group. Each forestry technician is given an ArcGIS member account and assigned a Field Worker user type so they can sign in to Collector, find their web maps, and edit the data as needed.

Roles

A role defines the set of privileges assigned to a member. Privileges are assigned to members through a default role or a custom role. Members are assigned a role when they are invited to the organization.

If you're not sure what role you were assigned or if you need more information about your role, click the Role Information button Role Information in the Role section of your profile.

Note:

Once a member joins, their role can be changed by administrators and those with privileges to change member roles. Changing roles to or from administrator can be done only by administrators.

Default roles

ArcGIS Online defines a set of privileges for the following default roles:

Note:

A member's user type determines the default roles that can be assigned to them. User types compatible with each role are noted below.

  • Viewer—View items such as maps, apps, demographics, and elevation analysis layers that have been shared with the member. Join groups owned by the organization. Use geocoding, geosearch, and network analysis (routing and directions). Members assigned the Viewer role cannot create or share content, or perform analysis or data enrichment. The Viewer role is compatible with all user types.
    Tip:

    Although the default Viewer role does not support joining groups owned by outside organizations, a member can be granted the Join external groups privilege through a custom role created based on the default Viewer role.

  • Data Editor—Viewer privileges plus the ability to edit features shared by other ArcGIS users. The Data Editor role is compatible with all user types except Viewer.
  • User—Data Editor privileges plus the ability to view content shared by other ArcGIS users; use the organization's maps, apps, layers, and tools; and join groups owned by the organization. Members assigned the User role can also create maps and apps, edit features, add items, share content, and create groups. The User role is compatible with the Creator, GIS Professional, and Insights Analyst user types.
  • Publisher—User privileges plus the ability to publish features and map tiles as hosted web layers. Members assigned the Publisher role can also perform analysis on layers in maps. The Publisher role is compatible with the Creator, GIS Professional, and Insights Analyst user types.
  • Administrator—Publisher privileges plus privileges to manage the organization and other users. An organization must have at least one administrator. However, there is no limit to the number of Administrator roles that can be assigned within an organization. It is recommended that an organization have at least two administrators, while restricting this role to those who require the additional privileges associated with it. The Administrator role is compatible with the Creator, GIS Professional, and Insights Analyst user types.

The following table shows privileges available with the default roles.

Privilege summaryDefault role

Viewer

Data Editor

User

Publisher

Administrator

Use layers, maps, scenes, and apps

YesYesYesYesYes

Use geosearch

YesYesYesYesYes

Use geocoding

YesYesYesYesYes

Use demographics

YesYesYesYesYes

Use directions and routing (network analysis)

YesYesYesYesYes

Join groups without item update capability

YesYesYesYesYes

Edit features

YesYesYesYes

Join groups with item update capability

YesYesYes

Use subscriber content

YesYesYes

Use spatial analysis

YesYesYes

Use GeoEnrichment

YesYesYes

Create content

YesYesYes

Share maps, scenes, and apps

YesYesYes

Create groups

YesYesYes

Publish hosted web layers

YesYes

Perform analysis

Yes Yes

Enable Open Data

Yes

Invite users to the organization

Yes

Manage all members, content, and groups

Yes

Manage licenses and apps

Yes

View subscription status reports and activity logs

Yes

Configure website and security

Yes

Create and modify custom roles

Yes

ArcGIS Marketplace provider (requires organization authorization)

Yes

Set up a collaboration

Yes

Set up enterprise logins

Yes

Disable multifactor authentication on member accounts

Yes

Enable and disable Esri access on member accounts

Yes

Manage credits

Yes

Change member roles

Yes

Disable and delete members

Yes

Share organization content with the public when site settings don't allow members to share outside the organization

Yes

Create and own groups that allow members to update all items in the group

Yes
Note:

Most of the privileges listed above can also be assigned as part of a custom role; however, some administrative privileges are not available for custom roles as they are reserved for default administrators.

Custom roles

You may want to refine the default roles in your organization into a more fine-grained set of privileges by creating custom roles. For example, your organization may want to assign some members the same privileges as a default Publisher but without allowing them to use GeoEnrichment. This could be achieved by creating a custom role based on the default Publisher role, turning off the GeoEnrichment privilege, and calling the custom role Publisher without GeoEnrichment or something similar.

Only default administrators—that is, those who have been assigned the Administrator role—can create and modify custom roles. Default administrators can configure custom roles based on any combination of available general and administrative privileges. Once a custom role has been created, any organization member who has privileges to change member roles can assign the role to members. If you have a custom role, you can get information about the privileges it includes by clicking the Role Information button in your profile.

A member assigned a custom role that has any publishing privilege (for features, tiles, or scenes) will also be able to create other types of ArcGIS Server services on servers federated with your portal. This functionality may be restricted in a future release to prevent such workflows. It is recommended that if users need the ability to publish ArcGIS Server services, they be added to the default Publisher role.

The privileges that can be granted to a member through a custom role cannot exceed those associated with the member's assigned user type. For example, a member with a Viewer user type cannot be assigned a role with editing privileges.

Privileges

Privileges allow organization members to perform different tasks and workflows in an organization. For example, some members have privileges to create and publish content, while others have privileges to view content but cannot create their own.

General privileges

Members who perform specific tasks within the organization—create maps or edit features, for example—can be assigned the general privileges they need to work and share with groups, content, and features.

General privileges

Members

View

Groups

Create, update, and delete

Join organizational groups

Join external groups

View groups shared with organization

Content

Create, update, and delete

Publish hosted feature layers

Publish hosted tile layers

Publish hosted scene layers

View content shared with the organization

Sharing

Share with groups

Share with organization

Share with public

Make groups visible to organization

Make groups visible to public

Make groups available to Open Data

Premium Content

Geocoding: Use ArcGIS World Geocoding Service (or a view of this locator) to convert addresses or places to map points (geocoding) such as when publishing a CSV file of addresses as hosted feature layers or adding a CSV file of addresses to a map. (This does not apply to your own locators configured for the organization.)

Network Analysis: Perform network analysis tasks such as create drive-time areas

Spatial Analysis: Perform spatial analysis tasks such as create buffers

GeoEnrichment: Use GeoEnrichment to enrich features

Demographics: Use premium demographic map layers

Features

Edit: Edit features based on permissions set on the layer

Edit with full control: Edit features with full control on editable hosted feature layers

Open Data

Manage Open Data sites

Note:

This privilege is only available if open data capabilities are enabled for the organization.

Administrative privileges

The privileges listed below allow custom roles to assist the default administrators with managing members, groups, and content in the organization. These custom administrative roles do not include the full set of privileges reserved for default administrators—that is, those assigned the Administrator role.

Administrative privileges

Members

View all: View all member account information

Update: Update member account information, including resetting passwords

Delete: Delete member accounts

Invite: Invite members to the organization

Disable: Disable members from the organization

Change roles: Change roles of members

Note:

Only default administrators can change the role to and from the Administrator role.

Manage licenses: Manage licenses for members

Groups

View all: View group owned by members

Update: Update group owned by members

Delete: Delete group owned by members

Reassign ownership: Reassign ownership of groups

Assign members: Assign members to groups and remove members from groups

Link to enterprise group: Link ArcGIS Online groups to enterprise groups

Create with update capabilities: Create and own groups that allow group members to update all items in the group

Content

View all: View content owned by members

Update: Update and categorize content owned by members

Delete: Delete content owned by members

Reassign ownership: Reassign ownership of content

Manage categories: Configure content categories for the organization

ArcGIS Marketplace subscriptions

Request purchase information: Request purchase information in ArcGIS Marketplace

Start trials: Start trials in ArcGIS Marketplace

Privileges reserved for default administrators

Certain administrative privileges are reserved for default administrators and are not available for custom roles. For example, only default administrators can configure the website and remove other administrators from the organization. The following is a list of privileges reserved for default administrators:

  • Enable Open Data
  • Download activity log
  • Configure website and security
  • Create and modify custom roles
  • Set up a collaboration
  • Set up enterprise logins
  • Disable multifactor authentication on member accounts
  • Enable and disable Esri access on member accounts
  • Manage credits
  • Change member role to or from administrator
  • Delete other administrators from the organization
  • Share organization content with the public when site settings don't allow members to share outside the organization

Privileges for common workflows

Some workflows require a combination of privileges.In some cases, members are responsible for performing multiple workflows. For example, a GIS analyst may need to use certain analysis tools as well as publish hosted feature layers, which require the privileges listed in the table below for the Use the analysis tools and Publish hosted feature and WFS layers workflows. If you are unable to perform a function that you think your role should allow you to perform, verify that your administrator has enabled the full set of privileges required for the function.

General workflows

Workflow Required privileges

Use the analysis tools

  • Content: Create, update, and delete
  • Content: Publish hosted feature layers
  • Premium Content: Spatial Analysis
Note:

Some tools require the following additional privileges:

  • Premium Content: GeoEnrichment
  • Premium Content: Network Analysis

Publish hosted feature and WFS layers

  • Content: Create, update, and delete
  • Content: Publish hosted feature layers
  • Premium Content: Geocoding (to publish CSV files with addresses)

Publish hosted tile layers

  • Content: Create, update, and delete
  • Content: Publish hosted tile layers

Publish hosted scene layers

  • Content: Create, update, and delete
  • Content: Publish hosted feature layers
  • Content: Publish hosted scene layers

Publish hosted elevation layers

  • Content: Create, update, and delete
  • Content: Publish hosted tile layers

Publish apps from Map Viewer or a group page

  • Content: Create, update, and delete
  • Sharing: Share with groups
  • Sharing: Share with organization
  • Sharing: Share with public

Embed maps or groups

  • Create content
  • Share items with public

Make groups available to open data sites

  • Sharing: Make groups visible to public
  • Sharing: Make groups available to Open Data

Add, update, and delete features in hosted feature layers that have editing enabled for add or update only

  • Features: Edit
  • Features: Edit with full control

Administrative workflows

WorkflowRequired privileges

Manage content owned by members

  • Members: View all
  • Content: View all
  • Content: Update
  • Content: Delete
  • Content: Reassign ownership

Manage groups owned by members

  • Members: View all
  • Groups: View all
  • Groups: Update
  • Groups: Delete
  • Groups: Reassign ownership
  • Groups: Assign members

Manage member profiles

  • Members: View all
  • Members: Update

View subscription status reports

  • Members: View all
  • Content: View all
  • Groups: View all