Best Practices

VertiGIS Studio Access Control works by denying or modifying requests to, and responses from, ArcGIS Server. This powerful tool lets you control access to your ArcGIS Server services, but you should always consider how the applications that consume those services might be affected. Ultimately, you want to ensure your applications still function for all users.

The following sections discuss best practices and some things to keep in mind.

Required Layers

If you deny access to a layer or field that an application requires, the application may break or be unable to offer the expected functionality.

In this situation, rather than denying access to the layer/field, consider using attribute filters.

Feature Layers

When an application uses a particular layer as a feature layer, it typically issues a request to initialize the feature layer on startup. If you deny access to that layer in Access Control, this initialization request will fail.

Actual behavior will differ depending on the application. For example, ArcGIS Web AppBuilder and VertiGIS Studio Web applications will present an error because the service failed to initialize.

In this situation, consider configuring an attribute filter using a "1=0" filter condition. This allows the layer to display in the layer list of the application, but denies access to all features and data on the layer.

Support for Anonymous and Authenticated Users

If your GIS service supports both anonymous and authenticated users, consider whether your application will sign in the user and send credentials on requests for services that can be accessed anonymously.

For example, when a Web AppBuilder application accesses a service that allows anonymous access, it does not send additional credentials for requests by signed-in, authenticated users. In this scenario, any additional permissions or filters configured on the service for those authenticated users will not be applied. These users will only have access to the resources available to anonymous users.