Portal for ArcGIS
This tutorial covers the basic organization of Portal for ArcGIS and some publication and administration tasks you can perform in Portal for ArcGIS.
Portals
An ArcGIS portal is a service used to store, manage, access, and share server content.
ArcGIS Online provides separate portal instances to organizations that are managed by ESRI and hosted on Amazon Web Services (AWS).
ArcGIS Enterprise is a suite of server software from ESRI that allows organizations to provide services on their own physical or virtual servers in the same manner as ArcGIS Online.
Portal for ArcGIS is a component of ArcGIS Enterprise that provides portal services from an ArcGIS Enterprise server.
Portal for ArcGIS provides the same portal interface as ArcGIS Online, except that Portal for ArcGIS runs as a part of an ArcGIS Enterprise installation rather than on ESRI's cloud servers.
A portal home page on an ArcGIS Enterprise server is accessed through a URL, with the path typically something like:
https://domain.com/portal/home
Portal Data Flow Example
A typical set of exchanges between a browser and ArcGIS Enterprise for a web map would go as follows.
- The viewer types in a URL or clicks on a link for a web map.
- The browser sends a request to the server for the web map.
- The request is received by IIS (Internet Information Server) and routed through the Web Adaptor to Portal for ArcGIS.
- Portal for ArcGIS responds with the HTML for the Map Viewer app.
- The HTML includes links to additional JavaScript, stylesheet (CSS), and JSON files needed by the app, and the web app sends additional requests to Portal for ArcGIS for those resources.
- One of the requests is for a JSON file with information about the map layers and symbology specific to this map.
- The app sends a request to the ArcGIS Server feature service (via IIS and Web Adaptor) for the features needed to draw the currently displayed area on the map.
- The server responds with the feature information (coordinates and attributes) and the web app renders those to display in the browser.
- As the viewer moves around the map, the web app sends additional requests to the ArcGIS Server for the features needed to display on newly exposed or zoomed areas.
- The web app also sends requests to the ArcGIS Online Living Atlas tile service for tiles needed for the base map.
Organizations
An ArcGIS organization is a set of members from a private company or public entity (like a city government or state university) that can collaborate in a portal (ESRI 2024).
- Organizations are managed by administrators who have a subscription for ArcGIS Online, or an ArcGIS Enterprise license.
- All members of the organization must have an ArcGIS account and be approved to participate in the organization by the administrator.
- Groups in an ArcGIS organization are subsets of organization members who need restricted access to specific content. Groups are optional and individual members can be members of multiple groups or no groups at all.
- An ArcGIS for Personal Use license creates an organization with one member who also serves as the administrator.
Organization Overview Page
Information about your organization is available on your portal Organization pages.
Administrators can see more information about the organization on these pages than non-administrators.
Members
Members are accounts used by individual people in the entity represented by the organization.
Privileges
Privileges in an ArcGIS portal are types of tasks that organization members are able to perform. Common privileges include:
- Viewing content
- Creating content
- Editing content
- Publishing content
- Performing analysis
- Creating and joining groups
- Adding members and modifying member information
Roles
Roles in an ArcGIS portal define the sets of privileges assigned to organization members. The following are the five core default roles, ranked from the least level of privilege to the greatest (ESRI 2024):
- A viewer can view content shared by other members, but cannot share or edit content, or perform analysis.
- A data editor has viewer privileges plus the ability to edit features shared by other members.
- A user has data editor privileges plus the ability to create groups and content.
- A publisher has user privileges plus the ability to publish layers and perform analysis.
- An administrator can do anything.
Custom roles can be created that contain specific sets of privileges that have no exact match in the default roles. For example, an instructor may have the ability to view membership and content regardless of sharing, but not have the ability to change or delete members or content.
Principle of Least Privilege
The principle of least privilege is a core security practice under which a user should be granted the minimum number of privileges that are essential for that user to perform their intended function in the organization (Cooper 2017, 213).
For example, a developer working on a public web app that displays organizational data would probably need only the viewer role, the role with the least privilege, since they have no need to create or edit data or modify members.
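The following added example (not part of the original tutorial and not Esri code) models the five default roles as a cumulative ladder, picks the lowest role that covers a stated set of needs, and flags members whose assigned role is higher than that. The privilege labels and the sample members are assumptions made for illustration.

```python
# Default roles from the tutorial, lowest to highest. Each role adds the listed
# privileges to everything granted by the roles before it. The privilege labels
# are illustrative names, not ArcGIS privilege identifiers.
ROLE_LADDER = [
    ("viewer", {"view_content"}),
    ("data editor", {"edit_features"}),
    ("user", {"create_content", "create_groups"}),
    ("publisher", {"publish_layers", "perform_analysis"}),
    ("administrator", {"manage_members"}),
]
ROLE_ORDER = [role for role, _ in ROLE_LADDER]

def cumulative_privileges():
    """Return {role: full privilege set}, accumulating up the ladder."""
    granted, table = set(), {}
    for role, added in ROLE_LADDER:
        granted = granted | added
        table[role] = granted
    return table

def least_privileged_role(needed):
    """Return the lowest default role that covers every needed privilege."""
    needed = set(needed)
    table = cumulative_privileges()
    # The administrator holds every modelled privilege, so anything outside
    # that set is a label this model does not know about.
    unknown = needed - table["administrator"]
    if unknown:
        raise ValueError(f"unknown privileges: {sorted(unknown)}")
    return next(role for role in ROLE_ORDER if needed <= table[role])

def over_privileged(members):
    """Return (name, assigned, minimum) for members holding more than needed."""
    findings = []
    for name, assigned, needed in members:
        minimum = least_privileged_role(needed)
        if ROLE_ORDER.index(assigned) > ROLE_ORDER.index(minimum):
            findings.append((name, assigned, minimum))
    return findings

# Constructed sample: (member, assigned role, privileges the job requires).
MEMBERS = [
    ("web_dev", "publisher", {"view_content"}),
    ("field_crew", "data editor", {"view_content", "edit_features"}),
    ("gis_admin", "administrator", {"manage_members", "publish_layers"}),
]
```

Calling `over_privileged(MEMBERS)` reports only the web developer, who holds the publisher role while needing nothing beyond viewer.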
Federation
While a portal is used to manage organizational members and content, the content is actually served on the web by servers.
Federation is the process by which server(s) are associated with a portal. A single portal can be federated with multiple servers.
Names of servers federated to a portal are visible to administrators on the Organization, Settings, Servers page.
Content
Content includes services and files that are managed by your portal. You can view available content on the Content page in your portal.
Portal content can include:
- Services published from ArcGIS Pro
- Files uploaded to a portal through the web interface.
- Web apps like web maps and Experience Builder apps created from the portal interface.
Content can be organized into folders. Unfortunately, Portal has only one level of folders, which prevents content from being organized hierarchically.
Details Pages
Individual content items have pages in the portal that display item details:
- Title, summary, and description
- Content type: Feature layer, web map, project package, etc.
- Owner and attribution
- Creation and update dates
- Terms of use
- Storage size
Data Pages
Feature layers provide a Data page where feature attributes can be viewed and edited.
REST Endpoint URLs
Of particular interest with feature and tile services are the REST endpoint URLs.
Representational state transfer (REST) protocol is a standard application programming interface (API) for accessing server content through the internet.
- REST content is requested with a REST endpoint URL.
- Path names in the URL identify specific resources from the server.
- Query strings provide parameters to the server, such as specific geographic areas or the desired format for the returned data.
When you open a REST URL in a browser with no parameters, the server will display an HTML information page about the resource.
REST URLs for feature layers can be added to Portal or ArcGIS Pro maps as new layers.
Those layers can be used to create new feature classes in ArcGIS Pro using the Export Features tool.
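As an added example (not from the original tutorial), the code below builds a feature layer query URL with a bounding box and output format in the query string, then splits any services URL back into the resource its path names and the parameters it carries. The layer URL is constructed on the tutorial's placeholder domain, and the web adaptor, folder and service names in it are assumptions.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

SERVICE_TYPES = {"FeatureServer", "MapServer", "ImageServer"}

def build_query_url(layer_url, bbox=None, where="1=1", out_fields="*", fmt="json"):
    """Append a query operation and its parameters to a layer endpoint URL."""
    params = {"where": where, "outFields": out_fields, "f": fmt}
    if bbox is not None:
        # Restrict results to a longitude/latitude bounding box (WKID 4326).
        params.update({
            "geometry": ",".join(str(v) for v in bbox),
            "geometryType": "esriGeometryEnvelope",
            "inSR": "4326",
            "spatialRel": "esriSpatialRelIntersects",
        })
    return layer_url.rstrip("/") + "/query?" + urlencode(params)

def describe_endpoint(url):
    """Split a REST endpoint URL into the resource its path names and its parameters."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    if "services" not in segments:
        raise ValueError("not an ArcGIS REST services URL")
    rest = segments[segments.index("services") + 1:]
    type_pos = next((i for i, s in enumerate(rest) if s in SERVICE_TYPES), None)
    if not type_pos:  # None (no type) or 0 (type with no service name before it)
        raise ValueError("no service name and type found in path")
    before, after = rest[:type_pos], rest[type_pos + 1:]
    return {
        "host": parts.netloc,
        "folder": before[0] if len(before) > 1 else None,
        "service": before[-1],
        "type": rest[type_pos],
        "layer": int(after[0]) if after and after[0].isdigit() else None,
        "operation": after[-1] if after and not after[-1].isdigit() else None,
        "params": {k: v[0] for k, v in parse_qs(parts.query).items()},
    }

# Constructed layer URL on the tutorial's placeholder domain; the "server" web
# adaptor name, "Hosted" folder and "Hydrants" service are assumptions.
LAYER_URL = "https://domain.com/server/rest/services/Hosted/Hydrants/FeatureServer/0"
```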
Sharing
Sharing in an ArcGIS portal defines who has permission to access content items. There are four sharing categories:
- Owner: Only the owner can access the content.
- Group(s): The owner and members of groups specified by the owner can access the content.
- Organization: All organization members can access the content.
- Everyone: Anyone who can access the portal can access the content.
Sharing is visible, and can be changed, on the content listing page and on individual content pages.
The key question with sharing is need to know, a security practice of military origin in which access to data is restricted unless there is a clear necessity for access to that data in order to perform official duties (DOD 1985).
- If the general public has no need to know, do not share with Everyone.
- If anyone in the organization has no need to know, do not share with Organization.
- If no members of specific groups have a need to know, do not share with Group.
- The default sharing is Owner.
Portals lack the ability to share with specific individuals in an organization, although you can create special purpose groups of one or two people in such cases.
Portals also lack the ability to share exclusively with specific people outside an organization. In such cases you will probably need to exchange data using a secure file sharing service like Box.
Editing
The ability to edit feature layers is controlled by the Enable Editing entry under Settings on a feature layer details page.
When editing is enabled, anyone who has sharing access to a feature layer can edit the geometries or attributes in the portal or in ArcGIS Pro.
When a feature layer is shared with Everyone, the Public Data Collection option must also be enabled. This added layer of confirmation exists because allowing anyone in the general public to edit a feature layer is dangerous when you have no control over who will be performing the editing.
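The need-to-know rules and the editing behavior described above can be checked across a content inventory. This added example (not part of the original tutorial and not Esri code) runs over a constructed list of item records, with hypothetical field names, and reports items shared more widely than their need-to-know audience and layers whose editing setting exposes them to a broad audience.

```python
# Sharing categories from the tutorial, narrowest audience first.
SHARING_ORDER = ["Owner", "Group", "Organization", "Everyone"]

def audit_item(item):
    """Return findings for one content item record (a dict)."""
    findings = []
    shared = SHARING_ORDER.index(item["sharing"])
    needed = SHARING_ORDER.index(item["need_to_know"])
    if shared > needed:
        findings.append(
            f"shared with {item['sharing']}, need to know is {item['need_to_know']}")
    if item.get("editing_enabled"):
        # Editing follows sharing: whoever can access the layer can edit it.
        if item["sharing"] == "Everyone" and item.get("public_data_collection"):
            findings.append("editable by the general public")
        elif item["sharing"] == "Organization":
            findings.append("editable by every organization member")
    return findings

def audit_inventory(items):
    """Map item title to findings, omitting items with nothing to report."""
    report = {}
    for item in items:
        findings = audit_item(item)
        if findings:
            report[item["title"]] = findings
    return report

# Constructed inventory. Field names are hypothetical, not ArcGIS item properties.
INVENTORY = [
    {"title": "Parcel boundaries", "sharing": "Everyone", "need_to_know": "Everyone",
     "editing_enabled": False},
    {"title": "Hydrant inspections", "sharing": "Everyone", "need_to_know": "Group",
     "editing_enabled": True, "public_data_collection": True},
    {"title": "Facility points", "sharing": "Organization",
     "need_to_know": "Organization", "editing_enabled": True},
    {"title": "Draft zoning", "sharing": "Owner", "need_to_know": "Owner",
     "editing_enabled": True},
]
```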
Portals and ArcGIS Pro
Authorization
When you start ArcGIS Pro, you generally log in to a portal running a license manager that verifies you are authorized by your organization to use ArcGIS Pro.
If you are part of multiple organizations, you can select the portal you use for login with the Authorization link at the bottom of the ArcGIS Pro login screen.
Changing Your Active Portal
In ArcGIS Pro it is possible for you to be logged in to multiple portals simultaneously, but you can only have one active portal at a time, which specifies which portal content you can add to your maps and which portal will be used for any content that you publish.
You can add or select a different portal by clicking on your username at the top of the ArcGIS Pro screen and clicking active portal.
Publishing Content
Publishing is the process of making content available to members and the public through a portal.
The names of published services need to be unique within an organization. If you have a large organization that publishes multiple items that could have similar names, you can make the names unique by including the publication date or specific geographies in the names.
Feature Services from Lat/Long CSV Files
Point feature services can be easily created by uploading a CSV file with columns of latitudes and longitudes through your content page. The default symbology can then be defined and saved in the Map Viewer.
Feature Services from Files
Feature services can be created by uploading a GeoJSON file or zipped shapefile on your portal Content page.
Feature Services from ArcGIS Pro
Feature services can be created by publishing web layers from feature classes in ArcGIS Pro.
Multiple Layer Feature Services from ArcGIS Pro
Feature services can contain multiple layers, which can be a convenience when working with multiple layers that together form a coherent whole.
You can publish multiple layers together in a feature service by selecting the layers in the Contents pane before selecting Share, Share as Web Layer. Hold the Shift key when clicking to select multiple layers.
Tile Services from ArcGIS Pro
Rasters can be published as tile services from ArcGIS Pro.
- Before publishing, change Raster Layer, Rendering, Resampling Type to Cubic so the tiles are not pixellated at higher zoom levels.
- After the raster service definition is uploaded, the server will need some time to create the tile cache for the different zoom levels.
- If you need to be able to zoom in closer or further than the defaults chosen by the software, change the tile layer Settings and Visible Range and then Build Tiles as needed.
Web Apps
Portal provides the capability to make map oriented web apps using ArcGIS Dashboards or ArcGIS Experience Builder.