10 Steps GIS Managers can take to address RBAC challenges


If you’ve read the previous blog on Role Based Access Control and you’re finding some of the stories familiar, you might be wondering how best to approach Role Based Access Control (RBAC) in your business so as to get the best out of your mapping solutions.

Here are 10 steps you can take:

1) Conduct an audit:

First, you need to make a realistic assessment of the current state of your platform.  A full audit will include assessing your content usage to establish which apps are business critical and forming an idea of how to prioritise them.  You will also need a firm grasp on content ancestry – the relationships between users, groups, apps, webmaps, map services, and source datasets.  You will need some idea of the membership of the groups who use your platform and how they use it, and a clear picture of what member-owned or member-generated content is interacting with your platform.

For bigger organisations with more elaborate mapping solutions, there are automated tools to help make these auditing activities easier:

  • MapTiks by SparkGeo - helps you understand how users engage with maps. It’s like Google Analytics for your maps.

  • AdminTools by GeoJobe - helps you understand the ancestry of an item. For example, apps have webmaps, which have map services, which link to source data,  and all these elements form many-to-many relationships between each other and users.  AdminTools can help untangle the often confusing web of inter-relationships

  • CleanMyOrg by GeoJobe - helps you understand the structure of users and groups within an organisation, particularly by identifying duplicates.

2) Understand your users:

Strong relationships between managers, staff, and users are an important safeguard against the kinds of miscommunications and frustrations we’ve looked at above.  Take the time to find out who is using which maps, what they use them for, and why. Frequent users can often be a good source of suggestions for improving your platform’s user experience, and forming a relationship of trust and regular communication with them is the key to accessing this resource.

3) Prioritise use cases:

Having audited your platform and reached out to your users, you will have a much clearer idea of how different use cases should be ranked in terms of priority.  This should give both you and users more insight into current workflow and where and how to attack any issues that arise.

4) Segment Users:

Sort your users into groups. Some users will be regular users of a single app or map; some will be more casual users; some will use a broad range of features across your platform and may also contribute their own content.  Find as many user stories as you can, and for each one assess exactly what privileges and access they require and why.  The goal should be consistency in terms of use and access across each segment.

5) Create an access control matrix: 

This should support the growth of solutions over time.  A well-designed access control matrix should tell you at a glance what you need to know about your user segments, use cases, priorities, group members, required privileges, and required content.

6) External Advice: 

At this point, you are well on your way to developing a robust Role Based Access Control Policy.  Having gathered and sorted a lot of rich data about your apps and your users and how they work together, consider reaching out to a local ArcGIS consultant to review your current system for best practices and provide advice on optimal solution design.

7) Write RBAC Policy: 

You are now very well placed to create a comprehensive and well-designed policy around Role Based Access Control, or to significantly update your existing policy.  Make sure you review your policy regularly – annual reviews are recommended – and give all stakeholders and relevant parties an opportunity to sign off on the final product.

8) Define ArcGIS Online Roles:

When users are invited to your organisation, they are assigned a user type based on their needs and requirements.  In ArcGIS platforms, typical user types include Viewers, Editors, Field Workers, Creators, and GIS professionals.  Assigning roles to users means working out what privileges they should be assigned based on their user type.  ArcGIS platforms offer both default and custom roles, meaning you can be quite granular in the choice of roles you offer, based on the type of user and the level of access you wish to grant.

9) Assign roles:

You can now assign roles to members and users of the organisation according to the definitions  you have generated in the last step.  ESRI provides a set of simple and intuitive tools you can use to manage passwords, change role assignments, and enable various levels of access to your platform.  Be sure to communicate clearly with your staff and users about what access they have been granted based on their role, and why.

10) Configure map and content access:  

The best way to do this is using ESRI’s Groups feature, which enables you to define the purpose of a given group, add members, and share specific items with group members.  Once a group is set up and its purpose defined, configuring levels of access for specific groups should become intuitive.

Having run through these ten steps, it would be worthwhile to re-audit and review the policies and practical steps you have put in place at regular agreed intervals. Check that your changes have bedded in, and that users and staff are being provided appropriate access.
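
An added example, not part of the original post and not ESRI code: the access control matrix from step 5 expressed as data and used for the periodic re-audit described above. The segment names, role and privilege labels, and the member export are all constructed for illustration; they are not ArcGIS identifiers.

```python
from dataclasses import dataclass

# Hypothetical role -> privilege labels (constructed, not ArcGIS privilege strings).
ROLE_PRIVILEGES = {
    "viewer": {"view"},
    "editor": {"view", "edit"},
    "creator": {"view", "edit", "create", "share"},
}

@dataclass(frozen=True)
class Segment:
    priority: int        # 1 = business critical use case
    role: str            # role this segment is meant to hold
    groups: frozenset    # groups (and so content) this segment needs

# The matrix: one row per user segment (constructed sample data).
MATRIX = {
    "field_inspectors": Segment(1, "editor", frozenset({"Inspections"})),
    "exec_dashboard": Segment(2, "viewer", frozenset({"Dashboards"})),
}

# Constructed export of current members: (username, segment, role, groups).
MEMBERS = [
    ("asmith", "field_inspectors", "editor", {"Inspections"}),
    ("bjones", "exec_dashboard", "creator", {"Dashboards"}),
    ("cwu", "field_inspectors", "viewer", {"Inspections", "Planning"}),
    ("dlee", "contractors", "viewer", {"Dashboards"}),
]

def audit(members, matrix=MATRIX, roles=ROLE_PRIVILEGES):
    """Return (priority, user, issue, detail) findings, most critical first."""
    findings = []
    for user, seg_name, role, groups in members:
        seg = matrix.get(seg_name)
        if seg is None:  # member sits outside every documented segment
            findings.append((0, user, "unknown_segment", seg_name))
            continue
        if role not in roles:
            findings.append((seg.priority, user, "unknown_role", role))
            continue
        required, held = roles[seg.role], roles[role]
        if held - required:  # least-privilege violation
            findings.append((seg.priority, user, "excess_privileges", sorted(held - required)))
        if required - held:  # user cannot do the segment's job
            findings.append((seg.priority, user, "missing_privileges", sorted(required - held)))
        if set(groups) - seg.groups:  # content shared beyond the segment's need
            findings.append((seg.priority, user, "extra_groups", sorted(set(groups) - seg.groups)))
    return sorted(findings, key=lambda f: f[:3])

if __name__ == "__main__":
    for finding in audit(MEMBERS):
        print(finding)
```

Members outside any documented segment are listed first, followed by drift in the highest-priority segments.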


Sam Drummond