Before using ArcGIS GeoBIM, you must understand what each member can do in the organization based on User types, roles, and privileges. These settings will determine the scope of privileges available to the member when working in ArcGIS GeoBIM.
The main security components for ArcGIS GeoBIM are described in more detail below.
Security models
The security of your ArcGIS GeoBIM deployment depends on proper, stringent authentication and authorization of your users. Authentication is the process of verifying the identity of a user, and authorization is the process of verifying that an authenticated user has the permissions to access the requested resource or perform the requested operation. To enforce permissions for secured resources and operations, a user is first authenticated; then their authorization is verified. These terms are defined by your chosen security model.
Security models supported by ArcGIS GeoBIM include the following:
- Built-in auth—this method requires the user to type an ArcGIS organizational username and password. To learn more see configure built-in users and groups.
- SAML—this method supports service provider (SP) initiated organization-specific logins and identity provider (IdP) initiated organization-specific logins. To learn more see configure organization-specific logins using SAML.
Autodesk Forma account
An Autodesk Forma (formerly Autodesk Construction Cloud) account is required to use ArcGIS GeoBIM. The following are features that require an Autodesk Forma account:
- Creating an account in ArcGIS GeoBIM requires access to the Autodesk Forma project documents.
- Running the ArcGIS GeoBIM tools requires access to an Autodesk Forma project to locate documents and issues.
Note:
Your Autodesk account requires at least "View + Download" permissions in the Autodesk Forma project to run the ArcGIS GeoBIM tools with manually uploaded models.
Your Autodesk account requires at least "Edit" permissions in the Autodesk Forma project to run the ArcGIS GeoBIM tools on Revit cloud models.
An Autodesk BIM Collaborate Pro license is required to successfully process workshared cloud models in ArcGIS GeoBIM.
- Viewing documents requires access to the Autodesk Construction Cloud document being viewed.
- Creating issues in ArcGIS GeoBIM requires "create issues" permission in the Autodesk Forma project. To create an issue linked to a document, access to the document in Autodesk Forma is also required. Learn more about Autodesk issue permissions .
Esri user type
Esri user types provide licensed access to ArcGIS GeoBIM and define which default roles are available. Access to the ArcGIS GeoBIM capability is provided through user types (previously enabled by the user type extension). Access is included in the following user types:
- Contributor
- Mobile Worker
- Creator
- Professional
- Professional Plus
See the User types documentation for the description of each user type.
ArcGIS GeoBIM permission requirements
The various user types and roles in ArcGIS organizations enable access to different features of ArcGIS GeoBIM. Only Administrator, Publisher, and Facilitator roles can create new projects.
Note:
Project owners always have full access to create, view, edit, share, and delete items.
Role access for shared projects (via Organization or Groups) can vary. Administrator roles still maintain full access on projects that are shared with them, while Viewer roles are limited to view access only. Access for other member roles (Publisher, Facilitator, User, and Data Editors) include:
- Accounts page
- Publishers, Facilitators, and Users can create account connections.
- Data Editors are limited to view access only.
- Tools page
- Publishers, Facilitators, and Users can both run and cancel tool runs.
Note:
The Add Document Models tool must be executed by the project owner before other users can select it. Roles require privileges to publish hosted 3D layers to use this tool.
- Data Editors can only cancel tool runs.
- Publishers, Facilitators, and Users can both run and cancel tool runs.
- Links page
- Publishers, Facilitators, Users, and Data Editors have full access to create and delete both feature links and link rules.
- Apps page
- Publishers, Facilitators, and Users can create new apps but they can only share, edit, or delete the apps they personally created.
- Data Editors are limited to view access only.
- Viewer / Dashboard app page
- Publishers, Facilitators, Users, and Data Editors can create, edit, and upload issues.
- Publishers, Facilitators, Users, and Data Editors are restricted to editing GeoBIM Note layers in the Editor widget.
- Maps page
- Publishers, Facilitators, Users, and Data Editors are restricted to viewing the map details.
To learn more on default and custom roles, see Member roles.