User groups or roles

Most database management systems (DBMS) provide ways for the administrator to group users based on their data access needs and assign privileges to the group. This can reduce the time spent altering each individual user's permissions. You could, therefore, utilize groups (also called roles, types, or authorities depending on the DBMS) that grant rights to users based on their common functions.

You use roles in the database in the same way and for the same reasons as your system administrator uses groups in the operating system—to simplify administration of large numbers of privileges for large numbers of users.

Common categories or groups of ArcSDE users are those who view data, those who edit data, and those who create data. The specific types of privileges needed for these groups are detailed in the user permission topics for each DBMS. Read the one that applies to the DBMS you use.

User permissions for geodatabases in DB2
User permissions for geodatabases in Informix
User permissions for geodatabases in Oracle
User permissions for geodatabases in PostgreSQL
User permissions for geodatabases in SQL Server

In most cases, granting rights to groups does not preclude granting rights to individual users in ArcSDE geodatabases licensed through ArcGIS Server Enterprise. For instance, you could grant the minimum CREATE rights to the data creator group (which could include the ArcSDE administrator), then grant additional rights to only the administrative user. Each DBMS handles privilege precedence differently, though, so consult your DBMS documentation for details on the behavior of permissions for roles and individual users in your DBMS.

In addition, most DBMS products provide predefined groups. One of these is the PUBLIC role, described below. For other DBMS-specific predefined groups, please consult your DBMS documentation.

The PUBLIC role

There is a group that exists by default in all DBMSs—the PUBLIC group, or role. PUBLIC is basically a variable that equates to anyone connected to the database; therefore, any right granted to PUBLIC is granted to everyone with a database connection. There are cases in which all users require a certain privilege. For example, in an Oracle database, all users must be able to execute the stored procedures DBMS_PIPE and DBMS_LOCK. You should, therefore, grant rights to execute these stored procedures to the PUBLIC role.

Sometimes, high-level privileges are given to PUBLIC by default when the database is created. However, for security reasons, granting privileges to PUBLIC should be used only when absolutely necessary.
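The following is an added example, not part of the original topic or of Esri's own scripts. It sketches the viewer, editor, and creator grouping in Oracle syntax and then lists what PUBLIC currently holds. The role names, user names (alice, bob, carol, sde), the GISDATA.PARCELS table, and the privilege sets are assumptions chosen for illustration; the privileges ArcSDE actually requires are in the user permission topic for your DBMS.

```sql
-- Oracle syntax. Every role, user, schema and table name here is hypothetical.
-- Run as a DBA account.

-- 1. One role per common function: view, edit, create.
CREATE ROLE gis_viewer;
CREATE ROLE gis_editor;
CREATE ROLE gis_creator;

-- 2. Grant privileges to the roles, not to each user.
--    The privilege sets are illustrative, not the ArcSDE requirement list.
GRANT CREATE SESSION TO gis_viewer, gis_editor, gis_creator;
GRANT SELECT ON gisdata.parcels TO gis_viewer;
GRANT SELECT, INSERT, UPDATE, DELETE ON gisdata.parcels TO gis_editor;
GRANT CREATE TABLE, CREATE SEQUENCE TO gis_creator;

-- 3. Put users in the role that matches what they do.
GRANT gis_viewer  TO alice;
GRANT gis_editor  TO bob;
GRANT gis_creator TO carol, sde;

-- 4. An additional right for the administrative user only, on top of the role.
--    In Oracle, direct and role grants add up; there is no DENY.
GRANT CREATE PROCEDURE TO sde;

-- 5. The two PUBLIC grants the topic calls for in Oracle.
GRANT EXECUTE ON sys.dbms_pipe TO PUBLIC;
GRANT EXECUTE ON sys.dbms_lock TO PUBLIC;

-- 6. Audit what PUBLIC holds, since every connected user inherits it.
--    System privileges granted to PUBLIC:
SELECT privilege
  FROM dba_sys_privs
 WHERE grantee = 'PUBLIC'
 ORDER BY privilege;

--    Object privileges granted to PUBLIC on the data schema:
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC'
   AND owner = 'GISDATA'
 ORDER BY table_name, privilege;

-- 7. Remove a PUBLIC grant the audit reported and move it to a role.
--    Run this only for a row returned above; Oracle raises an error
--    when the grant being revoked does not exist.
REVOKE SELECT ON gisdata.parcels FROM PUBLIC;
```

Rerun the two queries in step 6 after any database upgrade or schema import, because those are the points at which default PUBLIC grants tend to reappear.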


8/19/2013