Migrating permissions from ArcGIS Server 9.2
If you applied access rules to ArcGIS Services at 9.2, you can migrate those permissions to apply to your current version. When doing this, you need to understand the following conditions:
- Access rules use only roles. Users are not individually authorized.
- Manager applies only Allow permissions, not Deny rules.
- At 9.2, services can only be secured using Windows users and groups. You must continue to use Windows groups as roles to migrate security rules.
Managing Security
It is possible to continue managing security at 9.2 by manually configuring access rules in the ArcGIS Services Web application. However, the recommended approach is to use the new framework for security managed by the ArcGIS Server. This will allow you to take advantage of security for services when accessed through representational state transfer (REST) protocol.
To migrate permissions from 9.2, do the following:
Steps:
- Before uninstalling 9.2, make a copy of the web.config file inside <IIS applications root>\ArcGIS\Services.
-
Open the saved web.config file and make a list of each folder or service that has security settings. Each has a <location> element with the name of the folder or service. For each service or folder, do the following:
- Note the Windows groups that are allowed access.
- Users cannot be added under the new format. If necessary, create new Windows groups for these users and add them to the permissions.
- Deny rules cannot be transferred, except that services inside folders can be set to not allow roles that are explicitly allowed for a parent folder. Folders can be set to not allow roles that are allowed by the root folder.
- After installing the current version of ArcGIS Server, configure security in Manager as described in Overview of setting up users and roles.
- Set permissions for services and folders as described in Securing Internet connections to services. When setting permissions, refer to the list compiled above to set allowed roles for services and folders.
- Enable security for services as described in Securing Internet connections to services.
8/22/2012