Granting and revoking privileges on datasets
If you want to let other database users view or modify the contents of any data in an ArcSDE geodatabase, you must grant them the privilege to do so.
Use the Change Privileges geoprocessing tool to specify what privileges a user has on a specific dataset. You can grant SELECT privileges, meaning the user can read and select from but not modify the contents of a dataset. You can also grant a user edit privileges (SELECT, UPDATE, INSERT, and DELETE), which allows the user to both view and modify the contents of a dataset.
The privileges that allow a user to modify a dataset (UPDATE, INSERT, and DELETE) are granted and revoked as a group.
The following rules apply to granting and revoking privileges on data:
- Only the owner of the dataset can alter permissions on it.
- Revoking privileges requires an exclusive lock on the dataset; therefore, if another user is connected to the dataset, you won't be able to revoke privileges from users on the dataset.
- It is not possible to grant a user different permissions to feature classes within a feature dataset.
- If new feature classes are added to a feature dataset, or a network or topology are built in the feature dataset, the owner must grant permissions to the feature dataset again so they can be applied to the new tables in the feature dataset.
- Only the owner of a dataset can drop the dataset or alter its definition; therefore, even if the owner of the dataset grants INSERT, UPDATE, and DELETE privileges on a dataset to another user, that user cannot alter the schema of the dataset.
- You can only alter a user's permissions on one dataset at a time.
- The user name you type may require you to provide the domain or machine name with the user name, depending on the type of database management system in which the dataset is stored and the type of authentication the user will utilize to connect to that geodatabase. For example, if the operating system login was created to include the prefix of the domain or machine, you need to provide the domain or machine name with a backslash before the user name:
BARNYARD\user1
- Start ArcMap, open the Catalog window, then double-click the Database Connections folder in the Catalog tree.
-
Connect to the geodatabase that contains the data for which you want to alter privileges.
Be sure to connect as the owner of the data.
-
Right-click the dataset and click Privileges.
Tip:You could also open the Change Privileges tool from the Data Management toolbox.
This opens the Change Privileges geoprocessing tool.
-
See Change Privileges for instructions on using this tool.
Within the tool, the View drop-down menu allows you to specify whether you want the user to have SELECT privileges on the dataset. AS IS means the user's SELECT privileges stay the same, GRANT means you are granting the user SELECT permission to the dataset, and REVOKE means you are removing the SELECT privilege.
Use the Edit drop-down menu to choose which option you want for the UPDATE, INSERT, and DELETE privileges for this user on this dataset.