ArcGIS Desktop

  • ArcGIS Pro
  • ArcMap

  • My Profile
  • Help
  • Sign Out
ArcGIS Desktop

ArcGIS Online

The mapping platform for your organization

ArcGIS Desktop

A complete professional GIS

ArcGIS Enterprise

GIS in your enterprise

ArcGIS Developers

Tools to build location-aware apps

ArcGIS Solutions

Free template maps and apps for your industry

ArcGIS Marketplace

Get apps and data for your organization

  • Documentation
  • Support
Esri
  • Sign In
user
  • My Profile
  • Sign Out

ArcMap

  • Home
  • Get Started
  • Map
  • Analyze
  • Manage Data
  • Tools
  • Extensions

Privileges for using ArcGIS with a SQL Server database

Privileges determine what a user is authorized to do with the data and the database. Assign privileges based on the type of work the person does within the organization.

As a Microsoft SQL Server database administrator, you create roles based on what people need to do in the database, grant privileges to the roles, and add the appropriate user accounts to each role. This topic lists the minimum required privileges for common types of users for which you would create roles: data viewers, data editors, and data creators.

Note that these privileges apply to using ArcGIS with a SQL Server database. If you need to know the privileges required to use a geodatabase in SQL Server, see Privileges for geodatabases in SQL Server.

The following table lists three groups of users and the minimum privileges they require to query, edit, or create data from ArcGIS.

Type of userRequired privilegesPurpose

Data viewer

CONNECT

This privilege allows users to connect to the database.

The CONNECT privilege is granted on databases to the public database role by default. If you revoke this privilege from public, you must explicitly grant CONNECT on databases to specific roles or logins.

SELECT on other users' tables

Data viewers need select privileges on specific tables you want them to see and query.

If allowed to read all tables in the database, you can assign users to the db_datareader database role; otherwise, grant SELECT on specific tables and views.

Data editor*

Data editors require the same privileges as data viewers, plus these additional privileges.

INSERT, UPDATE, DELETE on other users' tables

Grant the editing operations you want editors to perform on specific tables.

You can grant any combination of INSERT, UPDATE, and DELETE privileges depending on what editors need to do. Therefore, you might create multiple editor roles and grant the appropriate privileges to each. For example, you might have a full_edit role that has all three privileges plus SELECT on the tables role members need to edit and an updates_only role that has only SELECT and UPDATE privileges on the tables members need to edit.

Data creator

CONNECT

This privilege allows users to connect to the database.

The CONNECT privilege is granted on databases to the public database role by default. If you revoke this privilege from public, you must explicitly grant CONNECT on databases to specific roles or logins.

  • CREATE TABLE
  • CREATE INDEX
  • Each individual user requires its own matching schema. You cannot use a single schema for all data creators. Schema names must match individual user names.

These privileges allow data creators to create tables and feature classes.

*To edit data from ArcGIS, publish the data as a feature service that has editing capabilities enabled.

Additional, optional privileges you may want to grant data creators include the following:

  • CREATE VIEW
  • DROP VIEW
  • DROP TABLE
  • DROP INDEX

ArcGIS Desktop

  • Home
  • Documentation
  • Support

ArcGIS

  • ArcGIS Online
  • ArcGIS Desktop
  • ArcGIS Enterprise
  • ArcGIS
  • ArcGIS Developer
  • ArcGIS Solutions
  • ArcGIS Marketplace

About Esri

  • About Us
  • Careers
  • Esri Blog
  • User Conference
  • Developer Summit
Esri
Tell us what you think.
Copyright © 2021 Esri. | Privacy | Legal