arcgis.gis.admin module¶

Classes for administering your GIS.

The gis.admin property is dynamically set at runtime based on what kind of GIS (ArcGIS Enterprise or ArcGIS Online) an administrator connects to. For ArcGIS Online GIS, administrators will get an instance of AGOLAdminManager from the gis.admin property. For ArcGIS Enterprise GIS , administrators will get an instance of PortalAdminManager from the gis.admin property.

AGOLAdminManager¶

class arcgis.gis.admin.AGOLAdminManager(gis, ux=None, metadata=None, collaborations=None)¶

Bases: object

This is the root resource for administering your online GIS. Starting from this root, all of the GIS’s environment is organized into a hierarchy of resources and operations.

Parameter: :param gis: GIS object containing Administrative credentials :param ux: the UX object (optional) :param metadata: the metadata manager object (optional) :param collaborations: the CollaborationManager object (optional)

collaborations¶: The collaborations resource lists all collaborations in which a portal participates

credits¶: manages the credits on a ArcGIS Online

license¶: provides a set of tools to access and manage user licenses and entitlements.

metadata¶: resources to work with metadata on GIS

password_policy¶: tools to manage a Site’s password policy

usage_reports¶: provides access to the usage reports of the AGOL organization

ux¶: returns a UX/UI manager

PortalAdminManager¶

class arcgis.gis.admin.PortalAdminManager(url, gis=None, **kwargs)¶

Bases: arcgis.gis.admin._base.BasePortalAdmin

This is the root resource for administering your portal. Starting from this root, all of the portal’s environment is organized into a hierarchy of resources and operations. A version number is returned as a part of this resource. After installation, the portal can be configured using the Create Site operation. Once initialized, the portal environment is available through System and Security resources.

Parameter: :param url: web address to portaladmin API :param gis: GIS object containing Administrative credentials :param initialize: (optional) if True, properties of REST endpoint are loaded on creation of object. False (default) means they are loaded when needed.

collaborations¶: The collaborations resource lists all collaborations in which a portal participates

federation¶: provides access into the federation settings of a server.

license¶: provides a set of tools to access and manage user licenses and entitlements.

living_atlas¶: provides a set of tools to manage and setup Living Atlas content.

logs¶: returns a class to work with the portal logs

machines¶: This resource lists all the portal machines in a site. Each portal machine has a status that indicates whether the machine is ready to accept requests.

metadata¶: returns a set of tools to work with ArcGIS Enterprise metadata settings.

password_policy¶: tools to manage a Site’s password policy

security¶: accesses the controls for the security of a local portal site

servers¶: returns a server manager object

site¶: Site is the root resources used after a local GIS is installed. Here administrators can create, export, import, and join sites.

system¶: This resource provides access to the ArcGIS Web Adaptor configuration, portal directories, database management server, indexing capabilities, license information, and the properties of your portal.

ux¶: returns a UX/UI manager

CollaborationManager¶

class arcgis.gis.admin.CollaborationManager(gis, portal_id=None)¶

Bases: object

accept_invitation(first_name, last_name, email, invitation_file=None, invitation_JSON=None, webauth_username=None, webauth_password=None, webauth_cert_file=None, webauth_cert_password=None)¶

The accept_invitation operation allows a portal to accept a collaboration invitation. The invitation file received securely from the collaboration host portal must be provided. Once a guest accepts an invitation to a collaboration, it must link workspace(s) associated with the collaboration to local portal group(s). The guest must export a collaboration invitation response file and send it to the host. Once the host processes the response, content can be shared between the host and guest(s).

Inputs:

:first_name:The first name of the contact person for the guest: portal.

:last_name:last name of the contact person :email: email of the contact person :invitation_file: A multipart form parameter—file upload. Use

either this parameter or invitation_JSON.

invitation_JSON:
	the same contents as the invitationFile parameter but passed as a string. Use either this parameter or invitationFile.
webauth_username:
	If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication user name.
webauth_password:
	If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication password.

:webauth_cert_file:If the collaboration host requires web-tier: authentication, optionally use this parameter to provide the host’s web-tier authentication certificate file.
:webauth_cert_password:If the collaboration host requires web-tier: authentication, optionally use this parameter to provide the host’s web-tier authentication certificate password.

Output:

dictionary

collaborate_with(guest_gis, collaboration_name, collaboration_description)¶

A high level method to quickly establish a collaboration between two GIS. This method uses defaults wherever applicable and internally calls the create, accept_invitation and invite_participant methods. This method will create a new group and a new workspace in both the host and guest GIS for this collaboration. Invitation and response files created during the collaborations will be downloaded to the current working directory.

Use the other methods if you need fine-grained control over how the collaboration is set up. :param guest_gis: GIS object of the guest org or Enterprise :param collaboration_name: A generic name for the collaboration. This name is used with prefixes such as wksp_<your_collab_name>, grp_<your_collab_name> to create the collaboration workspace and groups. :param collaboration_description: A generic description for the collaboration. :return: returns True / False

create(name, description, workspace_name, workspace_description, portal_group_id, host_contact_first_name, host_contact_last_name, host_contact_email_address, access_mode='sendAndReceive')¶

The create method creates a collaboration. The host of the collaboration is the portal where it is created. The initial workspace for the collaboration is also created. A portal group in the host portal is linked to the workspace. The access mode for the host portal is set. The contact information associated with the host can be specified; otherwise, the contact information for the administrator user performing the operation will be used.

Inputs:

workspace_description:
name:	name of the collaboration
description:	A description of the collaboration that all participants will see.
workspace_name:	The name of the initial workspace.
	The description of the initial workspace.
portal_group_id:
	ID of group in the portal that will be linked with the workspace.
host_contact_first_name:
	The first name of the contact person for the collaboration host portal.
host_contact_last_name:
	The last name of the contact person for the collaboration host portal.
host_contact_email_address:
	The email address of the contact person for the collaboration host portal.

:access_mode:The organization’s access mode to the workspace.: Values: send | receive | sendAndReceive

Output:: the data item is registered successfully, None otherwise

list()¶: gets all collaborations for a portal

validate_invitation(first_name, last_name, email, invitation_file=None, invitation_JSON=None, webauth_username=None, webauth_password=None, webauth_cert_file=None, webauth_cert_password=None)¶

The validate_invitation method allows a portal to validate a collaboration invitation. The invitation file received securely from the collaboration host portal must be provided. Validation checks include checking that the invitation is for the intended recipient.

Inputs:

:first_name:The first name of the contact person for the guest: portal.

:last_name:last name of the contact person :email: email of the contact person :invitation_file: A multipart form parameter—file upload. Use

either this parameter or invitation_JSON.

invitation_JSON:
	the same contents as the invitationFile parameter but passed as a string. Use either this parameter or invitationFile.
webauth_username:
	If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication user name.
webauth_password:
	If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication password.

:webauth_cert_file:If the collaboration host requires web-tier: authentication, optionally use this parameter to provide the host’s web-tier authentication certificate file.
:webauth_cert_password:If the collaboration host requires web-tier: authentication, optionally use this parameter to provide the host’s web-tier authentication certificate password.

Output:

dictionary

Collaboration¶

class arcgis.gis.admin.Collaboration(collab_manager, collab_id, portal_id=None)¶

Bases: dict

The collaboration resource returns information about the collaboration with a specified ID.

add_group_to_workspace(portal_group, workspace)¶

This operation adds a group to a workspace that participates in a portal-to-portal collaboration. Content shared: to the portal group is shared to other participants in the collaboration.

Parameters:	portal_group – arcgis.gis.Group object or group id string
Returns:

add_workspace(name, description, config, portal_group_id)¶

The add_workspace resource adds a new workspace to a portal-to-portal collaboration. Only collaboration hosts can create new workspaces.

Inputs:

portal_group_id:
name:	The name of the new workspace.
description:	The description of the new workspace.
config:	The configuration details of the new workspace.
	The ID of the portal group linked with the workspace.

Output:

dictionary with status and ID or workspace and collaboration

delete()¶: The delete operation deletes a portal-to-portal collaboration from the host portal. This stops any sharing set up from the collaboration. The collaboration will be removed on guest portals on the next refresh of their content based on the collaboration sharing schedule. Guests cannot delete collaborations, but they can discontinue participation in a collaboration via the removeParticipation endpoint.

export_invitation(out_folder)¶

The exportInvitationResponse operation exports a collaboration invitation response file from a collaboration guest portal. The exported response file must be sent via email or through other communication channels that are established in your organization to the inviting portal’s administrator. The inviting portal’s administrator will then import your response file to complete the establishment of trust between your portals. It is important that the contents of this response file are not intercepted and tampered with by any unknown entity.

inputs:

out_folder:	location to save the file to

Output:

file path

get_invitation(invitation_id)¶: The get_invitation operation returns the information about an invitation to participate in a portal-to-portal collaboration for a particular invitation with the specified ID.

get_participant(portal_id)¶: The participant operation provides information about the collaboration participant with a specified ID.

get_workspace(workspace_id)¶: The workspace resource provides information about the collaboration workspace with a specified ID.

import_invitation_response(response_file, webauth_username=None, webauth_password=None, webauth_cert_file=None, webauth_cert_password=None)¶

The importInvitationResponse operation imports an invitation response file from a portal collaboration guest. The operation is performed on the portal that serves as the collaboration host. Once an invitation response is imported, trust between the host and the guest is established. Sharing of content between participants can proceed from this point.

Inputs:

webauth_username:
response_file:	A multipart form parameter—file upload.
	If the collaboration guest requires web-tier authentication, optionally use this parameter to provide the guest’s web-tier authentication user name.
webauth_password:
	password for the webauth_username
webauth_cert_file:
	If the collaboration guest requires web-tier authentication, optionally use this parameter to provide the guest’s web-tier authentication certificate file.
webauth_cert_password:
	If the collaboration guest requires web-tier authentication, optionally use this parameter to provide the guest’s web-tier authentication certificate password.

Output:

JSON dictionary

invalidate(invitation_id)¶: The invalidate operation invalidates a previously generated portal-to-portal collaboration invitation. If a guest accepts this invitation and sends an invitation response for it, the response will not import successfully on the collaboration host.

invitations¶: The invitations operation returns the invitation information for all the invitations generated by a portal-to-portal collaboration host.

invite_participant(config_json, expiration=24, guest_portal_url=None, guest_gis=None, save_path=None)¶

As a collaboration host, once you have set up a new collaboration, you are ready to invite other portals as participants in your collaboration. The inviteParticipant operation allows you to invite other portals to your collaboration by creating an invitation file. You need to send this invitation file to the administrator of the portal you are inviting to your collaboration. This can be done via email or through other communication channels that are established in your organization. It is important that the contents of this invitation file are not intercepted and tampered with by any unknown entity. The invitation file is in the format collaboration-<guestHostDomain>.invite. The administrator of the participant will accept the invitation by importing the invitation file into their portal. Their acceptance is returned to you as another file that you must import into your portal using the import_invitation_response operation. This will establish trust between your portal and that of your participant.

Inputs:

guest_portal_url:
config_json:	A JSON object containing a map of access modes for the participant in each of the collaboration workspaces. Defined as: send \| receive \| sendAndReceive :Example: config_json = [ {“workspace_id” : “send”}, {“workspace_id2” : “receive”}, {“workspace_id3” : “sendAndReceive”} ]
expiration:	The time in UTC when the invitation to collaborate should expire.
	The URL of the participating org or Enterprise that you want to invite to the collaboration.
guest_gis:	GIS object to the guest collaboration site (optional)
save_path:	Path to download the invitation file to.

Output:

contents of a file that contains the invitation information

participants()¶: The participants resource provides information about all of the participants in a portal-to-portal collaboration.

refresh(invitation_id)¶

The refresh operation refreshes a previously generated portal-to-portal collaboration invitation. The new invitation file is provided via a multipart POST response. The expiration for the invitation is extended an additional 72 hours from the current time.

Inputs:

invitation_id:	ID of the invitation to refresh

Output:

dictionary

remove_participant(portal_id)¶: The remove operation allows a collaboration host to remove a participant from a portal-to-portal collaboration.

remove_participation()¶: The removeParticipation operation removes collaboration participation by a guest from a collaboration, allowing a guest to exit a collaboration. This immediately disables further replication of data to and from the portal and the other collaboration participants.

remove_portal_group_link(workspace_id)¶

The remove_portal_group_link operation removes the link between a collaboration workspace and a portal group. Replication of content discontinues when the link is removed.

Input:

workspace_id:	workspace in.

Output:

dictionary

remove_workspace(workspace_id)¶

The delete operation deletes a collaboration workspace. This immediately disables further replication of data to and from the portal and the collaboration participants.

Inputs:

: workspace_id: uid of the workspace to remove from the: collaboration.

update_access_modes(portal_id, workspace_access_json)¶

The update_access_modes operation updates the access mode for a specific participant in a portal-to-portal collaboration.

Inputs:

workspace_access_json:
portal_id:	ID of the portal
	JSON describing the participant’s access mode.

Output:

dictionary

update_collaboration(name=None, description=None, config=None)¶

The updateInfo operation updates certain properties of a collaboration, primarily its name, description, and configuration properties. The updates are propagated to guests when the next scheduled refresh of content occurs.

Inputs:

name:	name of the collaboration
description:	description of the collaboration
config:	configuration properties of the collaboration

Output:

dictionary

update_portal_group_link(workspace_id, portal_id, enable_realtime_sync=True, interval_hours=1)¶

The updatePortalGroupLink operation updates the group linked with a workspace for a participant in a portal-to-portal collaboration. Content shared to the portal group is shared to other participants in the collaboration.

Inputs:

enable_realtime_sync:
workspace_id:	workspace ID to update the group link
portal_id:	the ID of the portal group link with the workspace
	Determines whether the content shared with the group is shared to other collaboration participants in real time, updating whenever changes are made, or whether the content is shared based on a schedule set by the collaboration host. Values: true or false.
interval_hours:	sets the sharing schedule for the group

Output:

dictionary with success status as boolean

update_workspace(workspace_id, name=None, description=None, config=None)¶

The updateInfo operation updates certain collaboration workspace properties.

Inputs:

workspace_id:	UID of the workspace
name:	name of new workspace
description:	description of new workspace
config:	configuration details of the new workspace

Output:

dictionary

validate_invitation_response(response_file)¶

Prior to importing a collaboration invitation response, the invitation response file can be validated by using the validate_invitation_response operation to check for the existence of the collaboration and validity of the invitation response file.

Inputs:

response_file:	file upload

Output:

dictionary

workspaces¶

CreditManager¶

class arcgis.gis.admin.CreditManager(gis)¶: Manages an AGOL Site’s Credits for users and sites

members:

show-inheritance:
undoc-members:

PasswordPolicy¶

class arcgis.gis.admin.PasswordPolicy(url, gis=None, **kwargs)¶

Bases: arcgis.gis.admin._base.BasePortalAdmin

Manages a GIS Security Policy. Administrators can view, update or reset the site’s security policy.

policy¶: gets/sets the current security policy

reset()¶: resets the security policy to the default install settings

PortalResourceManager¶

class arcgis.gis.admin.PortalResourceManager(gis)¶

Bases: object

Helper class to manage a GIS’ resources

Argument	Description
gis	required GIS, connection to ArcGIS Online or ArcGIS Enterprise

add(key=None, path=None, text=None, **kwargs)¶

The add resource operation allows the administrator to add a file resource, for example, the organization’s logo or custom banner. The resource can be used by any member of the organization. File resources use storage space from your quota and are scanned for viruses.

Argument	Description
key	optional string, look up key for file
path	optional string, file path to the local resource to upload
text	optional string, text value to add to the site’s resources
access	optional string, sets the access level for the resource. The default is ‘public’. Values: public, org, orgprivate

Returns:	boolean

delete(key)¶

The Remove Resource operation allows the administrator to remove a file resource.

Argument	Description
key	optional string, look up key for file to delete

Returns:	boolean

get(resource_name, download_path=None)¶

Download or get a portal resource item

Argument	Description
resource_name	optional string, key/name of data
download_path	optional string, save folder location

Returns:	path to data or raw data if not file.

list(start=1, num=100)¶

returns a list of resources uploaded to portal. The items can be images, files and other content used to stylize and modify a portal’s appearance.

Argument	Description
start	optional int, start location of the search. The default is a value of 1
num	optional int, the number of search results to return at one time. The value ranges between 1-100 (max). Default: 100

Returns:	boolean

UX¶

class arcgis.gis.admin.UX(gis)¶

Bases: object

Helper class for modifying the portal home page. This class is not created by users directly. An instance of the class, called ‘ux’, is available as a property of the GIS object. Users call methods on this ‘ux’ object to set banner, background, logo, name etc.

default_basemap¶

returns the site’s default extent

return: dictionary

default_extent¶

returns the site’s default extent

return: dictionary

description¶

Returns the site’s description.

return: dictionary

description_visibility¶

Returns the site’s description visibility

return: boolean

enable_comments¶: Turn on item comments

featured_content¶

Returns the featured content group information. The information can then be set using the ‘set_featured_content()’.

return: dictionary

Usage Example:

>>> data = ux.get_featured_content()
>>> ux.set_featured_content(data)
True

get_background(download_path)¶

Get your organization’s home page background image. You can use the set_background() method to set an image as the home page background image.

For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-home.htm

Argument	Description
download_path	required string. Folder path to download the background file.

Returns:	Path to downloaded background file.

get_banner(download_path)¶

Get your organization’s home page banner image. You can use the set_banner() method to set an image or custom HTML code as your banner. ================ =============================================================== Argument Description —————- ————————————————————— download_path required string. Folder path to download the banner file. ================ ===============================================================

return: Path to downloaded banner file.

get_logo(download_path)¶

Get your organization’s logo/thumbnail. You can use the set_logo() method to set an image as your logo. ================ =============================================================== Argument Description —————- ————————————————————— download_path required string. Folder path to download the logo file. ================ ===============================================================

return: Path to downloaded logo file.

name¶

Returns the site’s name. The name can get defined using the ‘set_name()’.

return: string of the name of the site

set_background(background_file=None, is_built_in=True)¶

Configure your home page by setting the organization’s background image. You can choose no image, a built-in image or upload your own. If you upload your own image, the image is positioned at the top and center of the page. The image repeats horizontally if it is smaller than the browser or device window. For best results, if you want a single, nonrepeating background image, the image should be 1,920 pixels wide (or smaller if your users are on smaller screens). The website does not resize the image. You can upload a file up to 1 MB in size.

For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-home.htm

Returns:	True \| False

set_banner(banner_file=None, is_built_in=False, custom_html=None)¶

Configure your home page by setting the organization’s banner. You can choose one of the 5 built-in banners or upload your own. For best results the dimensions of the banner image should be 960 x 180 pixels. You can also specify a custom html for how the banner space should appear. For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-home.htm

Argument	Description
banner_file	optional string. If uploading a custom banner, then path to the banner file. If using a built-in banner, valid values are banner-1, banner-2, banner-3, banner-4, banner-5. If None, existing banner is remove.
is_built_in	optional bool, default=False. Specify True if using a built-in banner file.
custom_html	optional string. Specify exactly how the banner should appear in html. For help on this, refer to http://server.arcgis.com/en/portal/latest/administer/windows/supported-html.htm

Returns:	True \| False

set_logo(logo_file=None)¶

Configure your home page by setting the organization’s logo image. For best results the logo file should be 65 x 65 pixels in dimension.

For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-general.htm

Argument	Description
logo_file	optional string. Specify path to image file. If None, existing thumbnail is removed.

Returns:	True \| False

vector_basemap¶: gets/sets the default vector basemap

Federation¶

class arcgis.gis.admin.Federation(url, gis)¶

Bases: arcgis.gis.admin._base.BasePortalAdmin

This resource returns information about the ArcGIS Servers registered with Portal for ArcGIS.

federate(url, admin_url, username, password)¶

This operation enables ArcGIS Servers to be federated with Portal for ArcGIS. Parameters:

url: The URL of the GIS server used by external users when accessing the ArcGIS Server site. If the site includes the Web Adaptor, the URL includes the Web Adaptor address, for example, https://webadaptor.domain.com/arcgis. If you’ve added ArcGIS Server to your organization’s reverse proxy server, the URL is the reverse proxy server address (for example, https://reverseproxy.domain.com/myorg). Note that the federation operation will perform a validation check to determine if the provided URL is accessible from the server site. If the resulting validation check fails, a warning will be generated in the Portal for ArcGIS logs. However, federation will not fail if the URL is not validated, as the URL may not be accessible from the server site, such as is the case when the server site is behind a firewall.

admin_url: The URL used for accessing ArcGIS Server when performing administrative operations on the internal network, for example, https://gisserver.domain.com:6443/arcgis.

username: The username of the primary site administrator account

password: password of the username above.

Output:: server response with server ID

servers¶: This resource returns detailed information about the ArcGIS Servers registered with Portal for ArcGIS, such as the ID of the server, name of the server, ArcGIS Web Adaptor URL, administration URL, and if the server is set as a hosting server.

unfederate(server_id)¶

This operation unfederates an ArcGIS Server from Portal for ArcGIS.

Parameters:

server_id:	unique ID of the server

update(server_id, role, function=None)¶

This operation allows you to set an ArcGIS Server federated with Portal for ArcGIS as the hosting server or to enforce fine-grained access control to a federated server. You can also remove hosting server status from an ArcGIS Server. You can also remove hosting server status from an ArcGIS Server. To set a hosting server, an enterprise geodatabase must be registered as a managed database with the ArcGIS Server.

Parameters:

server_id:

unique id of the server

role:

Whether the server is a hosting server for the portal, a federated server, or a server with restricted access to publishing. The allowed values are:

FEDERATED_SERVER, FEDERATED_SERVER_WITH_RESTRICTED_PUBLISHING, or HOSTING_SERVER.

function:

validate(server_id)¶

This operation provides status information about a specific ArcGIS Server federated with Portal for ArcGIS. Parameters:

server_id: unique id of the server

validate_all()¶: This operation returns information on the status of ArcGIS Servers registered with Portal for ArcGIS.

Logs¶

class arcgis.gis.admin.Logs(url, gis)¶

Bases: arcgis.gis.admin._base.BasePortalAdmin

Logs are records written by various components of the portal. You can query the logs, clean the logs, and edit log settings.

Argument	Description
gis	required GIS, portal connection object
url	required string, web address of the log resource

clean()¶: Deletes all the log files on the machine hosting Portal for ArcGIS. This operation allows you to free up disk space. The logs cannot be recovered after executing this operation.

query(start_time, end_time=None, level='WARNING', query_filter='*', page_size=1000)¶

The query operation allows you to aggregate, filter, and page through logs written by the portal.

Returns:	dictionary of messages

settings¶: Reads/writes the current log settings for the portal.

Machines¶

class arcgis.gis.admin.Machines(url, gis, portaladmin, **kwargs)¶

Bases: arcgis.gis.admin._base.BasePortalAdmin

This resource lists all the portal machines in a site. Each portal machine has a status that indicates whether the machine is ready to accept requests.

get(name)¶: allows for retrieval of a single instance of Machine by it’s registered name.

list()¶: provides a list of all registered machines with the local GIS

Security¶

class arcgis.gis.admin.Security(url, gis=None, **kwargs)¶

This resource is an umbrella for a collection of system-wide resources for your portal. This resource provides access to the ArcGIS Web Adaptor configuration, portal directories, database management server, indexing capabilities, license information, and the properties of your portal.

config¶: The security configuration consists of the identity store configuration. If your portal will be authenticated through ArcGIS Web Adaptor, you must set up your preferred authentication on your web server. Use the Update Identity Store operation to configure your portal to connect to your enterprise identity provider such as Windows Domain or LDAP. By default, Portal for ArcGIS is configured to use the built-in store and token-based authentication.

enterpriseusers¶: provides access into managing enterprise users

groups¶: provides access to managing Enterprise Groups with Portal

oauth¶: The OAuth resource contains a set of operations that update the OAuth2-specific properties of registered applications in Portal for ArcGIS.

ssl¶: Provides access to managing and updating SSL Certificates on a Portal site.

test_identity_store¶

This operation can be used to test the connection to a user or group store.

Parameters:

user_config:	user store configuration
group_config:	group store configuration

tokens¶: This resource represents the token configuration within your portal. Use the set on token_config operation to change the configuration properties of the token service.

update_identity_store(user_config=None, group_config=None)¶

You can use this operation to change the identity provider and group store configuration in your portal. When Portal for ArcGIS is first installed, it supports token-based authentication and built-in groups using the built-in identity store for accounts. To configure your portal to connect to your enterprise authentication mechanism and group store, it must be configured to use an enterprise identity store such as Windows Active Directory or LDAP.

See: http://resources.arcgis.com/en/help/arcgis-rest-api/index.html#/Update_Identity_Store/02r300000249000000/

Parameters:

user_config:	user store configuration
group_config:	group store configuration

OAuth¶

class arcgis.gis.admin.OAuth(url, gis=None, **kwargs)¶

The OAuth resource contains a set of operations that update the OAuth2-specific properties of registered applications in Portal for ArcGIS.

app_info¶: Every application registered with Portal for ArcGIS has a unique client ID and a list of redirect URIs that are used for OAuth. This operation returns these OAuth-specific properties of an application. You can use this information to update the redirect URIs by using the Update App Info operation.

update(current_id, new_id)¶

When new applications are registered with Portal for ArcGIS, a new client ID is generated for the application. This allows the application to access content from the portal. The new client ID does not work if the application developer has programmed against a specific ID. This operation can, therefore, be used to change the client ID to another value as specified by the application developer.

Parameters:: :current_id:The current client ID of an existing application. :new_id: The new client ID to assign to the application.

SSLCertificate¶

class arcgis.gis.admin.SSLCertificate(url, gis=None, **kwargs)¶

represents a single registered certificate

delete()¶: This operation deletes an SSL certificate from the key store. Once a certificate is deleted, it cannot be retrieved or used to enable SSL.

export(out_path=None)¶

This operation downloads an SSL certificate. The file returned by the server is an X.509 certificate. The downloaded certificate can be imported into a client that is making HTTP requests.

Parameters:

out_path:	folder save location

generate_csr(signing_request)¶: This operation generates a certificate signing request (CSR) for a self-signed certificate. A CSR is required by a CA to create a digitally signed version of your certificate.

import_signed_certificate(file_path)¶

imports a certificate authority (CA) signed SSL certificate into the key store.

Parameters:

file_path:	location of the certificate on disk

SSLCertificates¶

class arcgis.gis.admin.SSLCertificates(url, gis=None, **kwargs)¶

Manages the Portal’s SSL Certificates

generate(alias, common_name, organization, key_algorithm='RSA', validity=90, key_size=2048, signature_algorithm='SHA256withRSA', unit='', city='', state='', country_code='', alt_name='')¶

Use this operation to create a self-signed certificate or as a starting point for getting a production-ready CA-signed certificate. The portal will generate a certificate for you and store it in its keystore.

Parameters:

signature_algorithm:
alias:	The name of the certificate. This is a required parameter.
common_name:	The common name used to identify the server for which the certificate is to be generated. This is a required parameter.
organization:	The name of the organization. This is a required parameter.
key_algorithm:	The algorithm used to generate the key pairs. The default is RSA.
validity:	The expiration time for the certificate in days. The default is 90.
key_size:	The size of the key. The default is 2048.
	The algorithm used to sign the self-signed certificates. The default is derived from the key_algorithm parameter.
unit:	The department within which this server resides.
city:	name of the city
state:	name of the state
country_code:	two letter abbrevation of the country
alt_name:	The common name used to identify the server for which the certificate is to be generated. This is a required parameter.

get(alias_name)¶

gets a single SSLCertificate object by the alias name

Parameters: :param alias_name: common name of the certificate Output: returns a single SSLCertificate object if it exists, else it returns None

import_certificate(certificate, alias)¶

This operation imports a certificate authority’s (CA) root and intermediate certificates into the keystore. To create a production quality CA-signed certificate, you need to add the CA certificates into the keystore that enables the SSL mechanism to trust the CA (and the certificates it has signed). While most of the popular CA certificates are already available in the keystore, you can use this operation if you have a custom CA or specific intermediate certificates.

Parameters:

certificate:	path to the file path
alias:	name of the certificate

import_server_certificate(alias, password, certificate)¶

This operation imports an existing server certificate, stored in the PKCS #12 format, into the keystore. If the certificate is a CA signed certificate, you must first import the CA Root or Intermediate certificate using the Import Root or Intermediate Certificate operation.

Parameters:

alias:	name of the certificate
password:	password for the certificate file
certificate:	certificate file

list()¶: list of certificates

update(alias, protocols, cipher_suites)¶

Use this operation to configure the web server certificate, SSL protocols, and cipher suites used by the portal.

Parameters:

:alias:The name of the certificate. This is a required: parameter. The certificate must be already present in the portal.

protocols:

The SSL protocols the portal will use. Valid options are TLSv1, TLSv1.1, and TLSv1.2; values must be comma separated. By default, these options are all enabled.

cipher_suites:

The cipher suites the portal will use. Valid options are:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_128_CBC_SHA256

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

By default, all of the above options are enabled. Values must be comma separated.

EnterpriseUsers¶

class arcgis.gis.admin.EnterpriseUsers(url, gis=None, **kwargs)¶

The users resource is an umbrella for operations to manage members within Portal for ArcGIS. The resource returns the total number of members in the system.

create(username, password, first_name, last_name, email, role='org_user', level=2, provider='arcgis', idp_username=None, description=None)¶

This operation is used to pre-create built-in or enterprise accounts within the portal. The provider parameter is used to indicate the type of user account.

Parameters:

username:	name of the user account
password:	password of the user account
first_name:	first name for the account
last_name:	last name for the account
email:	email for the account
role:	The role for the user account. The default value is org_user. Values: org_user \| org_publisher \| org_admin
level:	account level to assign the user. Values: 1 or 2
provider:	The provider for the account. The default value is arcgis. Values: arcgis \| enterprise
idp_username:	The name of the user as stored by the enterprise user store. This parameter is only required if the provider parameter is enterprise.
description:	optional description string

get(username)¶

This operation returns the description, full name, and email address for a single user in the enterprise identity (user) store configured with the portal. The username parameter is used to specify the enterprise username. If the user does not exist, an error is returned.

Parameters:

username:	Username of the enterprise account. For Windows Active Directory users, this can be either domainusername or just username. For LDAP users, the format is always username.

refresh_users(users)¶

This operation iterates over every enterprise group configured in the portal and determines if the input user accounts belong to any of the configured enterprise groups. If there is any change in membership, the database and the indexes are updated for each user account. While portal automatically refreshes the memberships during a user login and during a periodic refresh (configured through the Update Identity Store operation), this operation allows an administrator to force a refresh.

Parameters:

users:	comma seperated list of users.

search(query='', max_count=255)¶

This operation searches users in the configured enterprise user store. You can narrow down the search using the filter parameter.

Parameters:

query:	search criteria
max_count:	maximum number of records returned

update(username, idp_username)¶

This operation allows an administrator to update the idp_username for an enterprise user in the portal. This is used when migrating from accounts used with web-tier authentication to SAML authentication.

Parameters:

username:	username of the enterprise account
idp_username:	username used by the SAML identity provider

EnterpriseGroups¶

class arcgis.gis.admin.EnterpriseGroups(url, gis=None, **kwargs)¶

The groups resource is an umbrella for operations to manage enterprise groups within the portal. The resource returns the total number of groups in the system.

get_group_users(name, query='', max_count=255)¶

This operation returns the users that are currently assigned to the enterprise group within the enterprise user/group store. You can use the filter parameter to narrow down the user search.

Parameters:

name:	name of the enterprise group
query:	optional filter to narror down the search
max_count:	maximum number of users

get_user_groups(username, query='', max_count=255)¶

This operation lists the groups assigned to a user account in the configured enterprise group store.

Parameters:

username:	name of the user account
query:	wildcard string used to filter the search
max_count:	number of groups to return

refresh_groups(groups)¶

This operation iterates over every enterprise account configured in the portal and determines if the user account is a part of the input enterprise group. If there are any change in memberships, the database and the indexes are updated for each group. While portal automatically refreshes the memberships during a user login and during a periodic refresh configured through the Update Identity Store operation, this operation allows an administrator to force a refresh.

Parameters:

groups:	comma seperated list of group names to be refreshed

search(query='', max_count=255)¶

This operation searches groups in the configured enterprise group store. You can narrow down the search using the filter parameter.

Parameters:

query:	optional parameter to narrow group search
max_count:	max number of records to return

Site¶

class arcgis.gis.admin.Site(url, portaladmin, **kwargs)¶

Bases: arcgis.gis.admin._base.BasePortalAdmin

Site is the root resources used after a local GIS is installed. Here administrators can create, export, import, and join sites.

create(username, password, full_name, email, content_store, description='', question_idx=None, question_ans=None)¶

The create site operation initializes and configures Portal for ArcGIS for use. It must be the first operation invoked after installation. Creating a new site involves:

Creating the initial administrator account

Creating a new database administrator account (which is same as the initial administrator account)

Creating token shared keys

Registering directories

This operation is time consuming, as the database is initialized and populated with default templates and content. If the database directory is not empty, this operation attempts to migrate the database to the current version while keeping its data intact. At the end of this operation, the web server that hosts the API is restarted.

Parameters:

username:	initial admin account name
password:	password for initial admin account
full_name:	full name of the admin account
email:	account email address
content_store:	JSON string including the path to the location of the site’s content.
description:	optional descript for the account
question_idx:	index of the secret question to retrieve a forgotten password
question_ans:	answer to the secret question

export_site(location)¶

This operation exports the portal site configuration to a location you specify. The exported file includes the following information:

Content directory - the content directory contains the data

associated with every item in the portal

Database dump file - a plain-text file that contains the SQL

commands required to reconstruct the portal database

Configuration store connection file - a JSON file that contains

the database connection information

Parameters:

location:	path to the folder accessible to the portal where the exported site configuration will be written.

import_site(location)¶

The importSite operation lets you restore your site from a backup site configuration file that you created using the exportSite operation. It imports the site configuration file into the currently running portal site. The importSite operation will replace all site configurations with information included in the backup site configuration file. See the export_site operation documentation for details on what the backup file includes. The importSite operation also updates the portal content index.

Parameters:

location:	A file path to an exported configuration.

join(admin_url, username, password)¶

The joinSite operation connects a portal machine to an existing site. You must provide an account with administrative privileges to the site for the operation to be successful. When an attempt is made to join a site, the site validates the administrative credentials, then returns connection information about its configuration store back to the portal machine. The portal machine then uses the connection information to work with the configuration store. If this is the first portal machine in your site, use the Create Site operation instead. The joinSite operation:

Registers a machine to an existing site (active machine)

Creates a snapshot of the database of the active machine

Updates the token shared key

Updates Web Adaptor configurations

Sets up replication to keep the database of both machines in sync The operation is time-consuming as the database is configured on the machine and all configurations are applied from the active machine. After the operation is complete, the web server that hosts the API will be restarted.

Parameters:

admin_url:	The admin URL of the existing portal site to which a machine will be joined
username:	username for the initial administrator account of the existing portal site.
password:	password for the initial administrator account of the existing portal site.

System¶

class arcgis.gis.admin.System(url, gis=None, **kwargs)¶

This resource is an umbrella for a collection of system-wide resources for your portal. This resource provides access to the ArcGIS Web Adaptor configuration, portal directories, database management server, indexing capabilities, license information, and the properties of your portal.

database¶: The database resource represents the database management system (DBMS) that contains all of the portal’s configuration and relationship rules. This resource also returns the name and version of the database server currently running in the portal. You can use the properety to update database accounts

directories¶

The directories resource is a collection of directories that are used by the portal to store and manage content. Beginning at 10.2.1, Portal for ArcGIS supports five types of directories:

Content directory-The content directory contains the data associated with every item in the portal.

Database directory-The built-in security store and sharing rules are stored in a Database server that places files in the database directory.

Temporary directory - The temporary directory is used as a scratch workspace for all the portal’s runtime components.

Index directory-The index directory contains all the indexes associated with the content in the portal. The indexes are used for quick retrieval of information and for querying purposes.

Logs directory-Errors and warnings are written to text files in the log file directory. Each day, if new errors or warnings are encountered, a new log file is created.

If you would like to change the path for a directory, you can use the Edit Directory operation.

index_status¶: The status resource allows you to view the status of the indexing service. You can view the number of users, groups, and search items in both the database (store) and the index. If the database and index do not match, indexing is either in progress or there is a problem with the index. It is recommended that you reindex to correct any issues. If indexing is in progress, you can monitor the status by refreshing the page.

languages¶: This resource gets/sets which languages will appear in portal content search results. Use the Update languages operation to modify which language’content will be available.

licenses¶: Portal for ArcGIS requires a valid license to function correctly. This resource returns the current status of the license. Starting at 10.2.1, Portal for ArcGIS enforces the license by checking the number of registered members and comparing it with the maximum number of members authorized by the license. Contact Esri Customer Service if you have questions about license levels or expiration properties.

properties¶

Gets/Sets the system properties that have been modified to control the portal’s environment. The list of available properties are:

privatePortalURL-Informs the portal that it has a front end load-balancer/proxy reachable at the URL. This property is typically used to set up a highly available portal configuration

portalLocalhostName-Informs the portal back-end to advertise the value of this property as the local portal machine. This is typically used during federation and when the portal machine has one or more public host names.

httpProxyHost-Specifies the HTTP hostname of the proxy server

httpProxyPort-Specifies the HTTP port number of the proxy server

httpProxyUser-Specifies the HTTP proxy server username.

httpProxyPassword-Specifies the HTTP proxy server password.

isHttpProxyPasswordEncrypted-Set this property to false when you are configuring the HTTP proxy server password in plain text. After configuration, the password will be encrypted and this property will be set to true

httpsProxyHost-Specifies the HTTPS hostname of the proxy server

httpsProxyPort-Specifies the HTTPS port number of the proxy server

httpsProxyUser-Specifies the HTTPS proxy server username

httpsProxyPassword-Specifies the HTTPS proxy server password

isHttpsProxyPasswordEncrypted-Set this property to false when you are configuring the HTTPS proxy server password in plain text. After configuration, the password will be encrypted and this property will be set to true.

nonProxyHosts-If you want to federate ArcGIS Server and the site does not require use of the forward proxy, list the server machine or site in the nonProxyHosts property. Machine and domain items are separated using a pipe (|).

WebContextURL-If you are using a reverse proxy, set this property to reverse proxy URL.

reindex(mode='FULL', includes=None)¶

This operation allows you to generate or update the indexes for content; such as users, groups, and items stored in the database (store). During the process of upgrading an earlier version of Portal for ArcGIS, you are required to update the indexes by running this operation. You can check the status of your indexes using the status resource.

Parameters:

mode:	mode in which the indexer should run. Values: USER_MODE \| GROUP_MODE \| SEARCH_MODE \| FULL
includes:	An optional comma separated list of elements to include in the index. This is useful if you want to only index certain items or user accounts.

web_adaptors¶: The Web Adaptors resource lists the ArcGIS Web Adaptor configured with your portal. You can configure the Web Adaptor by using its configuration web page or the command line utility provided with the installation.

Licenses¶

class arcgis.gis.admin.Licenses(url, gis=None, **kwargs)¶

Portal for ArcGIS requires a valid license to function correctly. This resource returns the current status of the license. As of 10.2.1, Portal for ArcGIS enforces the license by checking the number of registered members and comparing it with the maximum number of members authorized by the license. Contact Esri Customer Service if you have questions about license levels or expiration properties. Starting at 10.5, Portal for ArcGIS enforces two levels of membership for licensing to define sets of privileges for registered members and their assigned roles.

entitlements(app='arcgisprodesktop')¶

This operation returns the currently queued entitlements for a product, such as ArcGIS Pro or Navigator for ArcGIS, and applies them when their start dates become effective. It’s possible that all entitlements imported using the Import Entitlements operation are effective immediately and no entitlements are added to the queue. In this case, the operation returns an empty result.

Parameters:

app:	application lookup

import_entitlements(file, application)¶

This operation allows you to import entitlements for ArcGIS Pro and additional products such as Navigator for ArcGIS into your licensing portal. Once the entitlements have been imported, you can assign licenses to users within your portal. The operation requires an entitlements file that has been exported out of your ArcGIS License Server Administrator or out of My Esri, depending on the product. A typical entitlements file will have multiple parts, each representing a set of entitlements that are effective at a specific date. The parts that are effective immediately will be configured to be the current entitlements. Other parts will be added to a queue. The portal framework will automatically apply the parts when they become effective. You can use the Get Entitlements operation to see the parts that are in the queue. Each time this operation is invoked, it overwrites all existing entitlements, even the ones that are in the queue.

Parmeters:

file:	entitlement file
application:	application identifier to be imported

Returns:

JSON response

release_license(username)¶: If a user checks out an ArcGIS Pro license for offline or disconnected use, this operation releases the license for the specified account. A license can only be used with a single device running ArcGIS Pro. To check in the license, a valid access token and refresh token is required. If the refresh token for the device is lost, damaged, corrupted, or formatted, the user will not be able to check in the license. This prevents the user from logging in to ArcGIS Pro from any other device. As an administrator, you can release the license. This frees the outstanding license and allows the user to check out a new license or use ArcGIS Pro in a connected environment.

remove_all(application)¶: This operation removes all entitlements from the portal for ArcGIS Pro or additional products such as Navigator for ArcGIS and revokes all entitlements assigned to users for the specified product. The portal is no longer a licensing portal for that product. License assignments are retained on disk. Therefore, if you decide to configure this portal as a licensing portal for the product again in the future, all licensing assignments will be available in the website.

remove_entitlement(app='arcgisprodesktop')¶: deletes an entitlement from a site

update_license_manager(info)¶

ArcGIS License Server Administrator works with your portal and enforces licenses for ArcGIS Pro. This operation allows you to change the license server connection information for your portal. When you import entitlements into portal using the Import Entitlements operation, a license server is automatically configured for you. If your license server changes after the entitlements have been imported, you only need to change the license server connection information. You can register a backup license manager for high availability of your licensing portal. When configuring a backup license manager, you need to make sure that the backup license manager has been authorized with the same organizational entitlements. After configuring the backup license manager, Portal for ArcGIS is restarted automatically. When the restart completes, the portal is configured with the backup license server you specified. Parameter:

info: JSON representation of the license server connection information.

Directory¶

class arcgis.gis.admin.Directory(url, gis=None, **kwargs)¶

A directory is a file system-based folder that contains a specific type of content for the portal. The physicalPath property of a directory locates the actual path of the folder on the file system. Beginning at 10.2.1, Portal for ArcGIS supports local directories and network shares as valid locations. During the Portal for ArcGIS installation, the setup program asks you for the root portal directory (that will contain all the portal’s sub directories). However, you can change each registered directory through this API.

properties¶: The properties operation on a directory can be used to change the physical path and description properties of the directory. This is useful when changing the location of a directory from a local path to a network share. However, the API does not copy your content and data from the old path to the new path. This has to be done independently by the system administrator.

WebAdaptor¶

class arcgis.gis.admin.WebAdaptor(url, gis=None, **kwargs)¶

The ArcGIS Web Adaptor is a web application that runs in a front-end web server. One of the Web Adaptor’s primary responsibilities is to forward HTTP requests from end users to Portal for ArcGIS. The Web Adaptor acts a reverse proxy, providing the end users with an entry point to the system, hiding the back-end servers, and providing some degree of immunity from back-end failures. The front-end web server can authenticate incoming requests against your enterprise identity stores and provide specific authentication schemes such as Integrated Windows Authentication (IWA), HTTP Basic, or Digest. Most importantly, a Web Adaptor provides your end users with a well defined entry point to your system without exposing the internal details of your portal. Portal for ArcGIS will trust requests being forwarded by the Web Adaptor and will not challenge the user for any credentials. However, the authorization of the request (by looking up roles and permissions) is still enforced by the portal’s sharing rules.

unregister()¶: You can use this operation to unregister the ArcGIS Web Adaptor from your portal. Once a Web Adaptor has been unregistered, your portal will no longer trust the Web Adaptor and will not accept any credentials from it. This operation is typically used when you want to register a new Web Adaptor or when your old Web Adaptor needs to be updated.

WebAdaptors¶

class arcgis.gis.admin.WebAdaptors(url, gis=None, **kwargs)¶

The Web Adaptors resource lists the ArcGIS Web Adaptor configured with your portal. You can configure the Web Adaptor by using its configuration web page or the command line utility provided with the installation.

configuration¶: Gets/Sets the common properties and configuration of the ArcGIS Web Adaptor configured with the portal.

list()¶: returns all instances of WebAdaptors