Privileges determine what a user is authorized to do with the data and the database. Privileges should be assigned based on the type of work the person does within the organization. Is the user involved with administration of the geodatabase? Does the user need to edit or create data? Would the user only need to query the data?
User privileges are set at different levels. This topic lists database and dataset privileges for common types of users: data viewers, data editors, data creators, and the geodatabase administrator.
- The first section indicates the minimum privileges needed for each type of user.
- The second section lists the privileges needed to create or upgrade a geodatabase.
- Optional privileges needed for additional geodatabase functionality are listed in the last section.
You can use SQL Server tools or Transact SQL statements to manage user database privileges.
Privileges on datasets should be granted or revoked by the dataset owner using the Privileges dialog box or Change Privileges geoprocessing tool in ArcGIS for Desktop. See Grant and revoke dataset privileges for instructions.
Minimum privileges
| Type of user | Database privileges | Dataset privileges | Notes |
|---|---|---|---|
Data viewer | SELECT | If allowed to read all tables in the database, you can assign users to the db_datareader database role; otherwise, grant SELECT on specific tables and views. | |
Data editor |
| If the user will be editing versioned data through a versioned view, the user must also be granted SELECT, INSERT, UPDATE, and DELETE privileges on the versioned view. When you use the Privileges dialog box in ArcGIS to grant the SELECT, INSERT, UPDATE, and DELETE privileges on a versioned feature class, those privileges are automatically granted on the associated versioned view. | |
Data creator |
| Users who create data must have a default schema with the same name as their database user name. For example, for the user name simon, the default schema name must be simon. If it isn't, the user cannot create objects such as feature classes. | |
Geodatabase administrator | If the geodatabase administrator is a user named sde and that user will not own data in the geodatabase outside of the system objects, the sde user only needs to be able to connect to the geodatabase once the geodatabase has been created. However, when the geodatabase needs to be upgraded or if the sde user needs to kill connections or view all database users, additional privileges are required. | SELECT, INSERT, UPDATE, and DELETE on versioned datasets |
Privileges to create or upgrade a geodatabase
The following table lists the user and privileges you must use to create or upgrade geodatabases in SQL Server.
| Type of geodatabase | User and privileges to create a geodatabase | User and privileges to upgrade a geodatabase |
|---|---|---|
Sde-schema geodatabase | The sde user requires the following privileges:
| The sde user must be added to the db_owner role in the database to upgrade. Alternatively, the upgrade can be run by a user (other than sde) who is in the db_owner database role or sysadmin fixed server role. |
Dbo-schema | The dbo user already has the required privileges to create a geodatabase inside a database. | The dbo user already has the required privileges to upgrade. Alternatively, the upgrade can be run by a user who is in the db_owner database role. |
Multiple spatial database (always sde-schema) |
NA; beginning with ArcGIS 10.1, you cannot create a multiple spatial database geodatabase. | A user (other than sde) who is in the sysadmin fixed server role must upgrade the geodatabase. Sysadmin users have the required privileges to upgrade. |
Additional privileges
The following functionality requires additional privileges in the geodatabase:
- The geodatabase administrator (the sde user) in an sde-schema geodatabase must be added to the processadmin fixed server role and granted VIEW DEFINITION privileges on the database to drop geodatabase connections. The Create Enterprise Geodatabase geoprocessing tool grants this role and privilege to the sde user. You can revoke this privilege and remove the user from the processadmin role after geodatabase creation but, if you do, the sde user will not be able to disconnect users from the geodatabase.
- If you want data creators to be able to see existing users and roles in the database, you must grant them VIEW DEFINITION privileges on the database. (This is granted automatically to users you create using the Create Database User geoprocessing tool.)
- Any user who will own an XML column must be granted REFERENCES privileges on the full-text catalog used to index the XML column.
- If you alter your geodatabase configuration to use shared log file tables in the geodatabase, all users require CREATE TABLE privileges in the database.