ArcGIS Desktop

  • ArcGIS Pro
  • ArcMap

  • My Profile
  • Help
  • Sign Out
ArcGIS Desktop

ArcGIS Online

The mapping platform for your organization

ArcGIS Desktop

A complete professional GIS

ArcGIS Enterprise

GIS in your enterprise

ArcGIS Developers

Tools to build location-aware apps

ArcGIS Solutions

Free template maps and apps for your industry

ArcGIS Marketplace

Get apps and data for your organization

  • Documentation
  • Support
Esri
  • Sign In
user
  • My Profile
  • Sign Out

ArcMap

  • Home
  • Get Started
  • Map
  • Analyze
  • Manage Data
  • Tools
  • Extensions

Privileges for using ArcGIS with a PostgreSQL database

Privileges determine what a user is authorized to do with the data and the database. Assign privileges based on the type of work the person does within the organization.

As a PostgreSQL database administrator, you create group roles based on what people need to do in the database, grant privileges to the group roles, and add individual login roles to each group role. This topic lists the minimum required privileges for common types of database users for which you would create group roles: data viewers, data editors, and data creators.

Note that these privileges apply to using ArcGIS with a PostgreSQL database. If you need to know the privileges required to use a geodatabase in PostgreSQL, see Privileges for geodatabases in PostgreSQL.

The following table lists three groups of users and the minimum privileges they require to query, edit, or create data from ArcGIS.

Type of userRequired privilegesPurpose

Data viewer

CONNECT

This privilege allows you to connect to the database.

The CONNECT and TEMP database privileges are granted to the public group role by default. If you revoke these privileges from public, you need to explicitly grant CONNECT and TEMP privileges on databases to specific logins or group roles.

USAGE on schemas that contain data to which data viewers need access

This privilege allows access to data in specific schemas.

If your database uses the PostGIS geometry type for spatial data storage, roles require SELECT privileges on the public.geometry_columns and public.spatial_ref_sys views.

These privileges are required to read PostGIS geometry columns.

If your database uses the PostGIS geography type for spatial data storage, roles require SELECT privileges on the public.geography_columns and public.spatial_ref_sys views.

These privileges are required to read PostGIS geography columns.

SELECT on specific datasets

This allows viewers access to specific tables and feature classes in the schemas to which they have access.

Data editor*

Data editors require the same privileges as data viewers, plus these additional privileges.

INSERT, UPDATE, and DELETE on specific datasets

You can grant any combination of INSERT, UPDATE, and DELETE privileges depending on what editors need to do. Therefore, you might create multiple group roles and grant the appropriate privileges to each. For example, you might have a full_edit group role that has all three privileges plus SELECT on the tables group members need to edit and an updates_only group role that has only SELECT and UPDATE privileges on the tables members need to edit.

Data creator

Data creators require the same privileges as data viewers plus this additional privilege.

Each login role that creates data requires AUTHORIZATION on its own schema. Note that the schema name must match the login role name and that group roles cannot share a schema.

AUTHORIZATION ensures that all the objects created in the schema are owned by that user.

*To edit data from ArcGIS, publish the data as a feature service that has editing capabilities enabled.

ArcGIS Desktop

  • Home
  • Documentation
  • Support

ArcGIS

  • ArcGIS Online
  • ArcGIS Desktop
  • ArcGIS Enterprise
  • ArcGIS
  • ArcGIS Developer
  • ArcGIS Solutions
  • ArcGIS Marketplace

About Esri

  • About Us
  • Careers
  • Esri Blog
  • User Conference
  • Developer Summit
Esri
Tell us what you think.
Copyright © 2021 Esri. | Privacy | Legal