Overview of security store configuration
ArcGIS Server ships with a lightweight embedded database system. By default, the principal store (also called the security store) uses this database to maintain user and role information. You can also configure ArcGIS Server to use the user and role information held in any relational database (for example, Microsoft SQL Server or MySQL), in a directory server (for example, LDAP or Microsoft Active Directory), or in a combination of both. To have ArcGIS Server access user and role information in a proprietary store, write an extension using the principal store API and set it up so that the ArcGIS Web Manager connects to your proprietary store through that extension.
For more information on how to write extensions using the principal store API, see Extending the principal store.
The table below shows the supported data stores that can be used with ArcGIS Server as a principal store. The attribute R means that ArcGIS Server can only read from the store, and R/W means that ArcGIS Server can both read from and write to the store. ArcGIS Server can read from and write to a relational database but only read information present in a directory server.
USER store | ROLE store | |||
Derby (R/W) | External DB (R/W) | LDAP (R) | Active Directory (R) | |
Derby (R/W) | Allowed | |||
External DB (R/W) | Allowed | |||
LDAP (R) | Allowed | Allowed | Allowed | |
Active Directory (R) | Allowed | Allowed | Allowed |
The screen shot below illustrates the Web page for configuring the security store.
[Figure: Security store configuration overview]
To set up the security store, click Configure on the Security Store tab. This will bring up a wizard that will help you set up the user and role stores individually. The wizard will only allow the supported configuration for user and role stores (see the table above).
Step 1 of 3: Configure a user store
Select the store that will hold user information. Enter the connection parameters (so that ArcGIS can connect and access the information) for the data store by clicking the Configure link associated with the particular type of data store. To use the out-of-the-box Derby store, choose the Default (Internal Data Store) option and click Next.
Step 2 of 3: Configure a role store
Select the store that will hold the role information. To use the out-of-the-box Derby store, click Next.
Step 3 of 3: Security store configuration summary
This page summarizes the store configuration. If you are satisfied with the configuration, click Finish; otherwise, make the necessary edits.
- For details on configuring an external database, see Configuring an external database as the security store.
- For details on configuring LDAP, see Configuring LDAP as the security store.
- For details on configuring Active Directory, see Configuring Active Directory as the security store.