Permissions can be set at the database server, geodatabase, and dataset levels using predefined roles.
Grant or revoke database server administrator permissions
Server administrators can grant server administrator permissions to other people by adding their logins to the server administrator role.
- Start ArcMap and open the Catalog window.
- Connect to the database server for which you want to change a user's server permissions.
- Right-click the database server and click Permissions.
- Choose the user from the list.
- Check the Server administrator check box to grant the user server administrator privileges.
- Uncheck the Server administrator check box to revoke the user server administrator privileges.
- Click Apply.
The user is now a server administrator (dbo) on the database server.
Alter geodatabase permissions
Server administrators or the geodatabase administrator can change other users' permissions on a geodatabase by assigning the users to or removing them from one of four roles: None, Read Only, Read/Write, or Admin.
Geodatabase roles confer permissions to all objects in the geodatabase. For example, if a user is added to the Read/Write role on a geodatabase, that user will have read/write access to all data in that geodatabase.
Tip:
If you choose a user from the list who is a database server administrator, a message appears indicating the user has higher-level permissions and all role options are deactivated. This is because administrators already have these as well as additional permissions on the geodatabase and, therefore, should not be added to one of the roles on this dialog box.- Connect to the database server in the Catalog window.
- Right-click the geodatabase for which you want to grant user permissions.
- Click Administration and click Permissions.
- Choose the desired user or group from the list on the Permissions dialog box.
- Click the appropriate role and click Apply.
For example, if you want to grant a user read-only permissions to the geodatabase, click Read Only.
This user can now view all data in the geodatabase but not edit, delete, or add data.
Alter dataset permissions
Permissions on datasets in a workgroup or desktop geodatabase are altered by assigning the user to one of three roles: None, Read Only, or Read/Write.
The following rules apply to assigning dataset permissions:
- Only the owner of the dataset can alter permissions on it.
- Only the owner of a dataset can drop the dataset or alter its definition; therefore, even if the owner of the dataset grants read/write privileges on a dataset to another user, that user cannot alter the schema of the dataset.
- You can only alter a user's permissions on one dataset at a time.
- It is not possible to grant a user different permissions to feature classes within a feature dataset.
Tip:
If you choose a user from the list who is in the geodatabase or server administrator roles, a message appears indicating the user has higher-level permissions and all dataset permissions options are deactivated. Since you cannot deny a user access to specific objects but only grant permission to specific objects, if you do not want the user to have read/write access to all objects in the geodatabase, you need to change his or her rights on the geodatabase to read only and grant read/write permissions to only those datasets to which you want him or her to have read/write access.- In the Catalog tree, connect to the geodatabase that contains the dataset for which you want to alter privileges.
Be sure you are connected as the owner of the dataset.
- Right-click the dataset for which you want to give specific privileges to another user.
- Click Manage and click Privileges.
The dataset Permissions dialog box opens.
- From the Database Server Users list, choose the user or group to which you want to grant permissions on the dataset.
- Click the permission you want to grant for this dataset to this user or group (None, Read Only, or Read/Write).
- Click Apply.
- Click OK to close the dialog box.