arcgis.gis.admin module

Classes for administering your GIS.

The gis.admin property is dynamically set at runtime based on what kind of GIS (ArcGIS Enterprise or ArcGIS Online) an administrator connects to. For ArcGIS Online GIS, administrators will get an instance of AGOLAdminManager from the gis.admin property. For ArcGIS Enterprise GIS , administrators will get an instance of PortalAdminManager from the gis.admin property.

AGOLAdminManager

class arcgis.gis.admin.AGOLAdminManager(gis, ux=None, metadata=None, collaborations=None)

Bases: object

This is the root resource for administering your online GIS. Starting from this root, all of the GIS’s environment is organized into a hierarchy of resources and operations.

Parameter: :param gis: GIS object containing Administrative credentials :param ux: the UX object (optional) :param metadata: the metadata manager object (optional) :param collaborations: the CollaborationManager object (optional)

property category_schema

This resource allows for the setting and manipulating of catagory schemas.

property certificates

Provides access to managing the organization’s certificates.

property collaborations

The collaborations resource lists all collaborations in which a portal participates

property credits

manages the credits on a ArcGIS Online

history(start_date, num=100, save_folder=None)

Returns a CSV file containing the login history from a start_date to the present.

Argument

Description

start_date

Required datetime.datetime object. The beginning date.

num

Optional Integer. The maximum number of records to return.

save_folder

Optional String. The save location of the CSV file.

Returns

string

property idp

This resource allows for the setting and configuration of the identity provider

property license

provides a set of tools to access and manage user licenses and entitlements.

property location_tracking

The manager for Location Tracking. See :class:`~arcgis.apps.tracker.LocationTrackingManager’.

property metadata

resources to work with metadata on GIS

property password_policy

tools to manage a Site’s password policy

property social_providers

This resource allows for the setting and configuration of the social providers for a GIS.

property urls

returns the URLs to the Hosting and Tile Server for ArcGIS Online

property usage_reports

provides access to the usage reports of the AGOL organization

property ux

returns a UX/UI manager

PortalAdminManager

class arcgis.gis.admin.PortalAdminManager(url, gis=None, **kwargs)

Bases: arcgis.gis.admin._base.BasePortalAdmin

This is the root resource for administering your portal. Starting from this root, all of the portal’s environment is organized into a hierarchy of resources and operations. A version number is returned as a part of this resource. After installation, the portal can be configured using the Create Site operation. Once initialized, the portal environment is available through System and Security resources.

Parameter: :param url: web address to portaladmin API :param gis: GIS object containing Administrative credentials :param initialize: (optional) if True, properties of REST endpoint are loaded on creation of object. False (default) means they are loaded when needed.

property category_schema

This resource allows for the setting and manipulating of catagory schemas.

property collaborations

The collaborations resource lists all collaborations in which a portal participates

property federation

provides access into the federation settings of a server.

history(start_date, num=100, save_folder=None)

Returns a CSV file containing the login history from a start_date to the present.

Argument

Description

start_date

Required datetime.datetime object. The beginning date.

num

Optional Integer. The maximum number of records to return.

save_folder

Optional String. The save location of the CSV file.

Returns

string

property idp

This resource allows for the setting and configuration of the identity provider

property license

provides a set of tools to access and manage user licenses and entitlements.

property living_atlas

provides a set of tools to manage and setup Living Atlas content.

property location_tracking

The manager for Location Tracking. See :class:`~arcgis.apps.tracker.LocationTrackingManager’.

property logs

returns a class to work with the portal logs

property machines

This resource lists all the portal machines in a site. Each portal machine has a status that indicates whether the machine is ready to accept requests.

property metadata

returns a set of tools to work with ArcGIS Enterprise metadata settings.

property password_policy

tools to manage a Site’s password policy

property security

accesses the controls for the security of a local portal site

property servers

returns a server manager object

property site

Site is the root resources used after a local GIS is installed. Here administrators can create, export, import, and join sites.

property social_providers

This resource allows for the setting and configuration of the social providers for a GIS.

property system

This resource provides access to the ArcGIS Web Adaptor configuration, portal directories, database management server, indexing capabilities, license information, and the properties of your portal.

property ux

returns a UX/UI manager

property webhooks

Provides access to Portal’s WebHook Manager

Bundle

class arcgis.gis.admin.Bundle(url, properties=None, gis=None)

Bases: object

This represents a single instance of an application bundle

assign(users)

Assigns the current application bundle to a list of users

Argument

Description

users

Required List. A list of user names or User objects to assign the current application bundle to.

Returns

boolean

property properties

returns the application bundles properties

revoke(users)

Revokes the current application bundle to a list of users

Argument

Description

users

Required List. A list of user names or User objects to remove the current application bundle to.

Returns

boolean

property users

returns a list of users assigned the application bundle

CategoryManager

class arcgis.gis.admin.CategoryManager(gis)

Bases: object

This class allows for the addition, removal and viewing of category schema.

add(items, category)

Adds a category to an existing set of items

Argument

Description

items

Required Items. The content within a GIS that will be updated with a list of categories.

category

Required String. Assigns a category value to the items.

>>> item = [gis.content.get("<item id 1>"),
            gis.content.get("<item id 2>")]
>>> cs = gis.admin.category_schema
>>> print(cs.add(items=[item], category="/Categories/TEST3"))
[{'results': [{'itemId': '<item id 1>', 'success': True}]},
 {'results': [{'itemId': '<item id 2>', 'success': True}]}]
Returns

dict

categorize_item(item, categories)

Assigns or removes a category to a single item.

Argument

Description

item

Required Item or Item ID (string). The content within a GIS that will be updated with a list of categories.

categories

Required list. Assigns a list of string values to the item’s categories

Returns

boolean

remove(items, category)

remove a category to an item or items

replace(items, old_category, new_catgory)

finds and replaces a category value with a new value one

reset(items)

deletes all the categories for a given set of items

property schema

Get/Sets the catagory schema for a GIS.

When schema is used as a getter, then operation returns the GIS’ defined category schema is any.

When schema is used as a setter, the parameter:

Argument

Description

value

optional list. The schema list. Syntax Example: [

{

“title”: “Themes”, “categories”: [

{

“title”: “Basemaps”, “categories”: [

{“title”: “Partner Basemap”}, {

“title”: “Esri Basemaps”, “categories”: [

{“title”: “Esri Redlands Basemap”}, {“title”: “Esri Highland Basemap”}

]

}

]

},

{

“title”: “Region”, “categories”: [

{“title”: “US”}, {“title”: “World”}

]

}]}]

CollaborationManager

class arcgis.gis.admin.CollaborationManager(gis, portal_id=None)

Bases: object

accept_invitation(first_name, last_name, email, invitation_file=None, invitation_JSON=None, webauth_username=None, webauth_password=None, webauth_cert_file=None, webauth_cert_password=None)

The accept_invitation operation allows a portal to accept a collaboration invitation. The invitation file received securely from the collaboration host portal must be provided. Once a guest accepts an invitation to a collaboration, it must link workspace(s) associated with the collaboration to local portal group(s). The guest must export a collaboration invitation response file and send it to the host. Once the host processes the response, content can be shared between the host and guest(s).

Argument

Description

first_name

Required string. The first name of the contact person for the guest portal.

last_name

Required string. The last name of the contact person.

email

Required string. The email of the contact person.

invitation_file

Optional string. The invite file to upload to portal. Use either this parameter or invitation_JSON.

invitation_JSON

Optional string. The same contents as the invitation_file parameter but passed as a string. Use either this parameter or invitation_file.

webauth_username

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication user name.

webauth_password

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication password.

webauth_cert_file

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate file.

webauth_cert_password

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate password.

Returns

dict

collaborate_with(guest_gis, collaboration_name, collaboration_description)

A high level method to quickly establish a collaboration between two GIS. This method uses defaults wherever applicable and internally calls the create, accept_invitation and invite_participant methods. This method will create a new group and a new workspace in both the host and guest GIS for this collaboration. Invitation and response files created during the collaborations will be downloaded to the current working directory.

Use the other methods if you need fine-grained control over how the collaboration is set up.

Argument

Description

guest_gis

Required GIS. GIS object of the guest org or Enterprise.

collaboration_name

Required string. A generic name for the collaboration. This name is used with prefixes such as wksp_<your_collab_name>, grp_<your_collab_name> to create the collaboration workspace and groups.

collaboration_description

Optional string. A generic description for the collaboration.

Returns

boolean

create(name, description, workspace_name, workspace_description, portal_group_id, host_contact_first_name, host_contact_last_name, host_contact_email_address, access_mode='sendAndReceive')

The create method creates a collaboration. The host of the collaboration is the portal where it is created. The initial workspace for the collaboration is also created. A portal group in the host portal is linked to the workspace. The access mode for the host portal is set. The contact information associated with the host can be specified; otherwise, the contact information for the administrator user performing the operation will be used.

Argument

Description

name

Required string. Name of the collaboration

description

Required string. Description of the collaboration

workspace_name

Required string. The name of the initial workspace.

workspace_description

Required string. The description of the initial workspace.

portal_group_id

Required string. ID of group in the portal that will be linked with the workspace.

host_contact_first_name

Required string. The first name of the contact person for the collaboration host portal.

host_contact_last_name

Required string. The last name of the contact person for the collaboration host portal.

host_contact_email_address

Required string. The email address of the contact person for the collaboration host portal.

access_mode

Required string. The organization’s access mode to the workspace. Values: send | receive | sendAndReceive (default)

Returns

the data item is registered successfully, None otherwise

list()

gets all collaborations for a portal

validate_invitation(first_name, last_name, email, invitation_file=None, invitation_JSON=None, webauth_username=None, webauth_password=None, webauth_cert_file=None, webauth_cert_password=None)

The validate_invitation method allows a portal to validate a collaboration invitation. The invitation file received securely from the collaboration host portal must be provided. Validation checks include checking that the invitation is for the intended recipient.

Argument

Description

first_name

Required string. The first name of the contact person for the guest portal.

last_name

Required string. The last name of the contact person.

email

Required string. The email of the contact person.

invitation_file

Optional string. The invite file to upload to portal. Use either this parameter or invitation_JSON.

invitation_JSON

Optional string. The same contents as the invitation_file parameter but passed as a string. Use either this parameter or invitation_file.

webauth_username

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication user name.

webauth_password

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication password.

webauth_cert_file

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate file.

webauth_cert_password

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate password.

Returns

dict

Collaboration

class arcgis.gis.admin.Collaboration(collab_manager, collab_id, portal_id=None)

Bases: dict

The collaboration resource returns information about the collaboration with a specified ID.

add_group_to_workspace(portal_group, workspace)
This operation adds a group to a workspace that participates in a portal-to-portal collaboration. Content shared

to the portal group is shared to other participants in the collaboration.

Argument

Description

portal_group

Required Group of string. Group ID or object to add to the workspace.

Returns

dict

add_workspace(name, description, config, portal_group_id)

The add_workspace resource adds a new workspace to a portal-to-portal collaboration. Only collaboration hosts can create new workspaces.

Argument

Description

name

Required string. The name of the workspace.

description

Required string. Brief description of the workspace.

portal_group_id

Required string. The ID of the portal group linked with the workspace.

Returns

dict

delete()

The delete operation deletes a portal-to-portal collaboration from the host portal. This stops any sharing set up from the collaboration. The collaboration will be removed on guest portals on the next refresh of their content based on the collaboration sharing schedule. Guests cannot delete collaborations, but they can discontinue participation in a collaboration via the removeParticipation endpoint.

export_invitation(out_folder)

The exportInvitationResponse operation exports a collaboration invitation response file from a collaboration guest portal. The exported response file must be sent via email or through other communication channels that are established in your organization to the inviting portal’s administrator. The inviting portal’s administrator will then import your response file to complete the establishment of trust between your portals. It is important that the contents of this response file are not intercepted and tampered with by any unknown entity.

Argument

Description

out_folder

Required string. Save location of the file.

Returns

string

get_invitation(invitation_id)

The get_invitation operation returns the information about an invitation to participate in a portal-to-portal collaboration for a particular invitation with the specified ID.

get_participant(portal_id)

The participant operation provides information about the collaboration participant with a specified ID.

get_workspace(workspace_id)

The workspace resource provides information about the collaboration workspace with a specified ID.

import_invitation_response(response_file, webauth_username=None, webauth_password=None, webauth_cert_file=None, webauth_cert_password=None)

The importInvitationResponse operation imports an invitation response file from a portal collaboration guest. The operation is performed on the portal that serves as the collaboration host. Once an invitation response is imported, trust between the host and the guest is established. Sharing of content between participants can proceed from this point.

Argument

Description

response_file

Required string. File path to the response file.

webauth_username

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication user name.

webauth_password

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication password.

webauth_cert_file

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate file.

webauth_cert_password

Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate password.

Returns

dict

invalidate(invitation_id)

The invalidate operation invalidates a previously generated portal-to-portal collaboration invitation. If a guest accepts this invitation and sends an invitation response for it, the response will not import successfully on the collaboration host.

property invitations

The invitations operation returns the invitation information for all the invitations generated by a portal-to-portal collaboration host.

invite_participant(config_json, expiration=24, guest_portal_url=None, guest_gis=None, save_path=None)

As a collaboration host, once you have set up a new collaboration, you are ready to invite other portals as participants in your collaboration. The inviteParticipant operation allows you to invite other portals to your collaboration by creating an invitation file. You need to send this invitation file to the administrator of the portal you are inviting to your collaboration. This can be done via email or through other communication channels that are established in your organization. It is important that the contents of this invitation file are not intercepted and tampered with by any unknown entity. The invitation file is in the format collaboration-<guestHostDomain>.invite. The administrator of the participant will accept the invitation by importing the invitation file into their portal. Their acceptance is returned to you as another file that you must import into your portal using the import_invitation_response operation. This will establish trust between your portal and that of your participant.

Argument

Description

config_json

Required dict. A dict containing a map of access modes for the participant in each of the collaboration workspaces. Defined as: send | receive | sendAndReceive

Example

config_json = [

{“workspace_id” : “send”}, {“workspace_id2” : “receive”}, {“workspace_id3” : “sendAndReceive”}

]

expiration

Optional integer. The time in UTC when the invitation to collaborate should expire.

guest_portal_url

Optional string. The URL of the participating org or Enterprise that you want to invite to the collaboration.

guest_gis

Optional GIS. GIS object to the guest collaboration site.

save_path

Optional string. Path to download the invitation file to.

Returns

contents of a file that contains the invitation information

participants()

The participants resource provides information about all of the participants in a portal-to-portal collaboration.

refresh(invitation_id)

The refresh operation refreshes a previously generated portal-to-portal collaboration invitation. The new invitation file is provided via a multipart POST response. The expiration for the invitation is extended an additional 72 hours from the current time.

Argument

Description

invitation_id

Required string. ID of the invitation to refresh

Returns

dict

remove_participant(portal_id)

The remove operation allows a collaboration host to remove a participant from a portal-to-portal collaboration.

Argument

Description

portal_id

Required string. ID of the portal to remove.

Returns

dict

remove_participation()

The removeParticipation operation removes collaboration participation by a guest from a collaboration, allowing a guest to exit a collaboration. This immediately disables further replication of data to and from the portal and the other collaboration participants.

The remove_portal_group_link operation removes the link between a collaboration workspace and a portal group. Replication of content discontinues when the link is removed.

Argument

Description

workspace_id

Required string. Workspace ID to remove from the link.

Returns

dict

remove_workspace(workspace_id)

The delete operation deletes a collaboration workspace. This immediately disables further replication of data to and from the portal and the collaboration participants.

Argument

Description

workspace_id

Optional string. UID of the workspace to remove from the collaboration.

Returns

dict

schedule(workspace_id)

Collaboration guests can use the schedule resource to return a job schedule for synchronized items in a collaboration workspace. The response is a single JSON object that represents a job schedule.

Argument

Description

workspace_id

Required string. Workspace ID to remove from the link.

Returns

dict

sync(workspace_id, run_async=False)

The sync endpoint is provided to allow execution of a data sync on a particular workspace. The operation is allowed on the participant that is designated to initiate sync operations as determined during trust establishment between the collaboration host and a guest participant. Typically, the guest participant is designated to initiate sync operations. Note that if a scheduled sync operation is already in progress a new sync is not started unless the current sync operation is finished.

When running sync in synchronous mode, the client will be blocked until the operation is completed. Invoking sync in synchronous mode is good for quickly syncing an item (that is not large) if the client does not want to wait for the next scheduled sync.

Asynchronous mode allows a client to get response immediately so it does not have to wait and is not blocked from performing other tasks.

Argument

Description

workspace_id

Required string. Workspace ID to remove from the link.

run_async

Optional Boolean. When true, the job will run asynchronously.

Returns

dict

sync_details(workspace_id, sync_id)

Provides a detailed description of status for a selected sync ID.

Argument

Description

workspace_id

Required string. Workspace ID to remove from the link.

sync_id

Required String. When a sync is performed, an ID is generated to track the status of the synchronization of the collaboration.

Returns

dict

update_access_modes(portal_id, workspace_access_json)

The update_access_modes operation updates the access mode for a specific participant in a portal-to-portal collaboration.

Argument

Description

portal_id

Required string. UID of the Portal

workspace_access_json

Required dict/string. JSON describing the participant’s access mode.

Returns

dict

update_collaboration(name=None, description=None, config=None)

The updateInfo operation updates certain properties of a collaboration, primarily its name, description, and configuration properties. The updates are propagated to guests when the next scheduled refresh of content occurs.

Argument

Description

name

Optional string. Name of the collaboration

description

Optional string. The description of the collaboration

config

Optional dict. The configuration properties of the collaboration

Returns

dict

update_item_delete_policy(participant_id, delete_contributed_items=False, delete_received_items=False)

The participants resource provides information about all of the participants in a portal-to-portal collaboration.

Argument

Description

participant_id

Required String. The participant unique id to update.

delete_contributed_items

Optional Boolean. When a participant leaves or deletes a collaboration, this property determines whether contributed items will be deleted or maintained.

delete_received_items

Optional Boolean. When a participant leaves or deletes a collaboration, this property determines whether received items will be deleted or maintained.

Returns

Boolean

The update_portal_group_link operation updates the group linked with a workspace for a participant in a portal-to-portal collaboration. Content shared to the portal group is shared to other participants in the collaboration.

Argument

Description

workspace_id

Required string. UID of the workspace

portal_id

Required string. UID of the Portal

enable_realtime_sync

Optional boolean. Determines whether the content shared with the group is shared to other collaboration participants in real time, updating whenever changes are made, or whether the content is shared based on a schedule set by the collaboration host.

copy_feature_service_data

Optional boolean. Boolean value used when Feature Service data is shared in a group that is linked to a distributed collaboration workspace. When set to “true” Feature Service data will be copied to collaboration participants.

Returns

dict

update_schedule(workspace_id, start_time, interval=24, repeat_count=-1)

Collaboration guests can use the schedule resource to return a job schedule for synchronized items in a collaboration workspace. The response is a single JSON object that represents a job schedule.

Argument

Description

workspace_id

Required string. Workspace ID to remove from the link.

start_time

Required Integer. A job’s scheduled start time. The startTime is in Unix time in milliseconds. The default is the current time of the request call.

interval

Optional Integer. A positive integer that represents time (in hours) between each job trigger. The default interval is 24 hours.

repeat_count

Optional Integer. A positive integer or -1 which represents how many times to keep re-triggering this job after which it will be automatically deleted. The default is -1 which means repeat indefinitely.

Returns

Boolean

update_workspace(workspace_id, name=None, description=None, config=None, max_item_size=None, max_replication_size=None, copy_by_ref_on_fail=False)

The updateInfo operation updates certain collaboration workspace properties.

Argument

Description

workspace_id

Required string. UID of the workspace

name

Optional string. The name of the workspace

description

Optional string. A brief set of texts that explains the workspace

config

Optional dict. The configuration details of the new workspace. Removed at 10.6.

max_item_size

Optional Integer. The maximum item size in MBs.

max_replication_size

Optional Integer. The maximum replication item size in MBs.

copy_by_ref_on_fail

Optional Boolean. Determines whether a failed attempt to copy should revert to sharing by reference. For example, in cases where the imposed size limit has been exceeded.

Returns

dict

validate_invitation_response(response_file)

Prior to importing a collaboration invitation response, the invitation response file can be validated by using the validate_invitation_response operation to check for the existence of the collaboration and validity of the invitation response file.

Argument

Description

response_file

Required string. Path to the collaboration response file.

Returns

dict

property workspaces

The workspaces resource lists all the workspaces in a given collaboration. A workspace is a virtual space in the collaboration to which each participating portal is either sending or receiving content. Workspaces can only be created by the collaboration owner.

CreditManager

class arcgis.gis.admin.CreditManager(gis)

Bases: object

Manages an AGOL Site’s Credits for users and sites

Example Usage

from arcgis.gis import GIS
gis = GIS(profile='agol_account')
cm = gis.admin.credits
cm.allocate("user1", 100)
allocate(username, credits=None)

Allows organization administrators to allocate credits for organizational users in ArcGIS Online

Argument

Description

username

Required string.The name of the user to assign credits to.

credits

Optional float. The number of credits to assign to a user. If None is provided, it sets user to unlimited credits.

Returns

boolean

credit_usage(start_time=None, end_time=None)

returns the total credit consumption for a given time period.

arguements

description

start_time

datetime.datetime object. This is the date to start at.

end_time

datetime.datetime object. This is the stop time to look for credit consumption. It needs to be at least 1 day previous than then start_time.

returns: dictionary

property credits

returns the current number of credits on the GIS

deallocate(username)

Allows organization administrators to remove credit allocation for organizational users in ArcGIS Online

Argument

Description

username

Required string.The name of the user to remove all credit from.

Returns

boolean

property default_limit

Gets/Sets the default credit allocation for AGOL

disable()

disables credit allocation on AGOL

enable()

enables credit allocation on AGOL

property is_enabled

boolean that show is credit credit assignment

License

class arcgis.gis.admin.License(gis, info)

Bases: object

Represents a single entitlement for a given organization.

Argument

Description

gis

required GIS, the gis connection object

info

required dictionary, the information provided by the organization’s site containing the provision and listing information.

Returns

License Object

all()

returns a list of all usernames and their entitlements for this license

assign(username, entitlements, suppress_email=True)

grants a user an entitlement.

Argument

Description

username

required string, the name of the user you wish to assign an entitlement to.

entitlments

required list, a list of entitlements values

suppress_email

optional boolean, if True, the org will not notify

a user that their entitlements has changed (default) If False, the org will send an email notifying a user that their entitlements have changed.

Returns

boolean

plot()

returns a simple bar chart of assigned and remaining entitlements

property properties
property report

returns a Panda’s Dataframe of the licensing count.

revoke(username, entitlements, suppress_email=True)

removes a specific license from a given entitlement

Argument

Description

username

required string, the name of the user you wish to assign an entitlement to.

entitlments

required list, a list of entitlements values, if * is given, all entitlements will be revoked

suppress_email

optional boolean, if True, the org will not notify a user that their entitlements has changed (default) If False, the org will send an email notifying a user that their entitlements have changed.

Returns

boolean

user_entitlement(username)

checks if a user has the entitlement assigned to them

Argument

Description

username

required string, the name of the user you want to examine the entitlements for.

Returns

dictionary

LicenseManager

class arcgis.gis.admin.LicenseManager(url, gis=None, initialize=True, **kwargs)

Bases: arcgis.gis.admin._base.BasePortalAdmin

Provides tools to work and manage licenses in ArcGIS Online and ArcGIS Enterprise (Portal)

Argument

Description

url

required string, the web address of the site to manage licenses. example: https://<org url>/<wa>/sharing/rest/portals/self/purchases

gis

required GIS, the gis connection object

Returns

LicenseManager Object

all()

Returns all Licenses registered with an organization

Returns

list of License objects

property bundles

Returns a list of Application Bundles for an Organization

Returns

list of Bundle objects

get(name)

retrieves a license by it’s name (title) =============== ==================================================== Argument Description ————— —————————————————- name required string, name of the entitlement to locate

on the organization. example: name=”arcgis pro”

property offline_pro

Administrators can get/set the disconnect settings for the ArcGIS Pro licensing. A value of True means that a user can check out a license from the enterprise inorder to use it in a disconnected setting. By setting offline_pro to False, the enterprise users cannot check out licenses to work in a disconnected setting for ArcGIS Pro.

Returns

Boolean

LivingAtlas

class arcgis.gis.admin.LivingAtlas(url, gis)

Living Atlas of the World content is a collection of authoritative, ready-to-use, global geographic content available from ArcGIS Online. The content includes valuable maps, data layers, tools, services and apps for geographic analysis. When you make Living Atlas content available to your portal members, you’re providing them with ready-made content that they can use alone or in combination with their own content to create maps, scenes, and apps and perform analysis in the portal map viewer or Insights for ArcGIS.

Note

Your portal must have access to the Internet to use Living Atlas content from ArcGIS Online

Types of content available All the Living Atlas content you access from Portal for ArcGIS was created by Esri. If your portal can connect to the Internet, the following three levels of Living Atlas content are available to you from ArcGIS Online:

1). Content that does not require you to sign in to an ArcGIS Online

account - This content is available by default in Portal for ArcGIS.

2). Subscriber content
  • Subscriber content is the collection of ready-to-use map layers, analytic tools, and services published by Esri that requires an ArcGIS Online organizational subscription account to access. This includes layers from Esri such as Landsat 8 imagery, NAIP imagery, landscape analysis layers, and historical maps. Subscriber content is provided as part of your organizational subscription and does not consume any credits. Layers included in the Living Atlas subscriber content are suitable for use with analysis tools.

3). Premium content
  • Premium content is a type of subscriber content that requires an

ArcGIS Online organizational subscription account to access and consumes credits. Access and credit information is listed in the description details for each item. Premium content provides portal members with access to ready-to-use content such as demographic and lifestyle maps as well as tools for geocoding, geoenrichment, network analysis, elevation analysis, and spatial analysis.

Argument

Description

url

required string, the web address of the site to manage licenses. example: https://<org url>/<wa>/portaladmin/system/content/livingatlas

gis

required GIS, the gis connection object.

disable_premium_atlas()

Disables the Premium Living Atlas Content for a local portal.

disable_public_access()

Disables the Public Living Atlas content.

Returns

boolean. True means enabled, False means failure to enable.

disable_subscriber_atlas()

Disables the Subscriber level Living Atlas Content for a local portal.

enable_premium_atlas(username, password)

Enables the Premium Livinng Atlas Content for a local portal.

Premium content is a type of subscriber content that requires an ArcGIS Online organizational subscription account to access and consumes credits. Access and credit information is listed in the description details for each item. Premium content provides portal members with access to ready-to-use content such as demographic and lifestyle maps as well as tools for geocoding, geoenrichment, network analysis, elevation analysis, and spatial analysis.

Argument

Description

username

required string, username for AGOL

password

required string, login password for AGOL account

Note

This will cost you credits.

enable_public_access()

Enables the Public Living Atlas content.

Living Atlas of the World content is a collection of authoritative, ready-to-use, global geographic content available from ArcGIS Online. The content includes valuable maps, data layers, tools, services and apps for geographic analysis.

Returns

boolean. True means enabled, False means failure to enable.

enable_subscriber_atlas(username, password)

Enables the Premium Livinng Atlas Content for a local portal.

Subscriber content is the collection of ready-to-use map layers, analytic tools, and services published by Esri that requires an ArcGIS Online organizational subscription account to access. This includes layers from Esri such as Landsat 8 imagery, NAIP imagery, landscape analysis layers, and historical maps. Subscriber content is provided as part of your organizational subscription and does not consume any credits. Layers included in the Living Atlas subscriber content are suitable for use with analysis tools.

Argument

Description

username

required string, username for AGOL

password

required string, login password for AGOL account

Note

This will not cost your organization credits.

property groups

returns a list of all living atlas groups

status(group)

returns the information about the sharing status of the Living Atlas

Argument

Description

group

required string or Group object

update_premium_account(username, password)

Updates the Username/Password for the Living Atlas Premium User. The account must be an ArcGIS Online account.

Argument

Description

username

Required string. The user who will be used for to access the subscriber Living Atlas content.

password

Required string. The credentials for the user above.

Returns

boolean

update_subscriber_account(username, password)

Updates the Username/Password for the Living Atlas Subscriber User. The account must be an ArcGIS Online account.

Argument

Description

username

Required string. The user who will be used for to access the subscriber Living Atlas content.

password

Required string. The credentials for the user above.

Returns

boolean

upgrade()

Upgrades the Living Atlas Group to the latest version

Returns

Boolean

validate_credentials(username, password, online_url=None)

returns the information about the sharing status of the Living Atlas

Argument

Description

username

required string, username for AGOL

password

required string, login password for AGOL account

online_url

optional string, Url to ArcGIS Online site. default is https://www.arcgis.com

Returns

boolean

IdentityProviderManager

class arcgis.gis.admin.IdentityProviderManager(gis=None)

Bases: object

Manages and Updates the SAML identity provider configuration for a given GIS.

property configuration

Gets, updates, or Adds a SAML provider

Arguement

Value

value

required dictionary. This property sets, updates or deletes an IDP configuration for a given GIS.

To configure an IDP, provide the key/value Example: idp.configuration = {‘name’ : ‘Enterprise IDP’,

‘idpMetadataFile’ : ‘metadata.xml’

}

Once a site has been configured to use IDP, the configuration can be updated by passing in the key/value pair dictionary. Example:

idp.configuration = {‘name’ : ‘Acme IDP Login’}

To erase an IDP configuration, set the value to None Example: idp.configuration = None

Everytime the IDP configuration is updated, the changes can be seen by calling the ‘configuration’ property and the new results will be returned as a dictionary.

Key:Value Dictionary for Argument value

Key

Value

bindingPostUrl

Optional string. If the idpMetadataFile isn’t specified when an administrator, this parameter is required. It is federated identity provider post url.

bindingUrl

Optional string. If the idpMetadataFile isn’t specified when an administrator, this parameter is required. It is federated identity provider url that we have to redirect the user to login to.

certificate

Optional string. the X509Certificate that needs to be used to validate the SamlResponse from the identity provider.

encryptionCertificate

Optional string. the X509Certificate that needs to be used to validate the SamlResponse from the identity provider.

encryptionSupported

Optional bool. Tells is the SAML provider supports encryption.

entityId

Optional string. Name of the entity ID.

groups

Optional list. List of group ids that users will be put in on when they signup to join the GIS.

id

Optional string. unique identifier of the IDP provider.

idpMetadataFile

Optional string. In the case the URL is not accessible, then the same IDP Metadata file can be uploaded.

level

Optional integer. Either value 1 or 2. The default level a user will be created as. The default is 2.

logoutUrl

Optional string. The logout SAML url.

name

Optional string. It is the name of the organization’s federated identity provider. This is also the name we show up in the Signin page.

roleId

Optional string. Default role new users will be.

signUpMode

Optional string. This is how new users are added to the GIS. There are two modes: Invitation, Automatic Invitation user needs to get an invitation and then signin through federated identity provider. With Automatic all users that signin through the federated identity provider will be added as a user. The privilege/role is set to ‘user’ Default is Invitation.

supportSignedRequest

Optional boolean. Determines if signed requests are supported from the provider.

supportsLogoutRequest

Optional boolean. Determines if logout requests are accepted.

updateProfileAtSignin

Optional boolean. If True, users have to update the profile.

useSHA256

Optional boolean. If set to true, SHA256 encryption will be used.

userCreditAssignment

Optional integer. Assigns a set number of credits to new users. The default is -1 (infinite).

property properties

returns the properties of the IDP configuration

PasswordPolicy

class arcgis.gis.admin.PasswordPolicy(url, gis=None, **kwargs)

Bases: arcgis.gis.admin._base.BasePortalAdmin

Manages a GIS Security Policy. Administrators can view, update or reset the site’s security policy.

property policy

gets/sets the current security policy

reset()

resets the security policy to the default install settings

PortalResourceManager

class arcgis.gis.admin.PortalResourceManager(gis)

Bases: object

Helper class to manage a GIS’ resources

Argument

Description

gis

required GIS, connection to ArcGIS Online or ArcGIS Enterprise

add(key=None, path=None, text=None, **kwargs)

The add resource operation allows the administrator to add a file resource, for example, the organization’s logo or custom banner. The resource can be used by any member of the organization. File resources use storage space from your quota and are scanned for viruses.

Argument

Description

key

optional string, look up key for file

path

optional string, file path to the local resource to upload

text

optional string, text value to add to the site’s resources

access

optional string, sets the access level for the resource. The default is ‘public’. Values: public, org, orgprivate

Returns

boolean

delete(key)

The Remove Resource operation allows the administrator to remove a file resource.

Argument

Description

key

optional string, look up key for file to delete

Returns

boolean

get(resource_name, download_path=None)

Download or get a portal resource item

Argument

Description

resource_name

optional string, key/name of data

download_path

optional string, save folder location

Returns

path to data or raw data if not file.

list(start=1, num=100)

returns a list of resources uploaded to portal. The items can be images, files and other content used to stylize and modify a portal’s appearance.

Argument

Description

start

optional int, start location of the search. The default is a value of 1

num

optional int, the number of search results to return at one time. The value ranges between 1-100 (max). Default: 100

Returns

boolean

UX

class arcgis.gis.admin.UX(gis)

Bases: object

Helper class for modifying the portal home page. This class is not created by users directly. An instance of the class, called ‘ux’, is available as a property of the GIS object. Users call methods on this ‘ux’ object to set banner, background, logo, name etc.

property default_basemap

returns the site’s default extent

return

dictionary

property default_extent

returns the site’s default extent

return

dictionary

property description

Returns the site’s description.

return

dictionary

property description_visibility

Returns the site’s description visibility

return

boolean

property enable_comments

Turn on item comments

property featured_content

Returns the featured content group information. The information can then be set using the ‘set_featured_content()’.

return

dictionary

Usage Example

>>> data = ux.get_featured_content()
>>> ux.set_featured_content(data)
True
get_background(download_path)

Get your organization’s home page background image. You can use the set_background() method to set an image as the home page background image.

For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-home.htm

Argument

Description

download_path

required string. Folder path to download the background file.

Returns

Path to downloaded background file.

get_banner(download_path)

Get your organization’s home page banner image. You can use the set_banner() method to set an image or custom HTML code as your banner. ================ =============================================================== Argument Description —————- ————————————————————— download_path required string. Folder path to download the banner file. ================ ===============================================================

return

Path to downloaded banner file.

Get your organization’s logo/thumbnail. You can use the set_logo() method to set an image as your logo. ================ =============================================================== Argument Description —————- ————————————————————— download_path required string. Folder path to download the logo file. ================ ===============================================================

return

Path to downloaded logo file.

property name

Returns the site’s name. The name can get defined using the ‘set_name()’.

return

string of the name of the site

set_background(background_file=None, is_built_in=True)

Configure your home page by setting the organization’s background image. You can choose no image, a built-in image or upload your own. If you upload your own image, the image is positioned at the top and center of the page. The image repeats horizontally if it is smaller than the browser or device window. For best results, if you want a single, nonrepeating background image, the image should be 1,920 pixels wide (or smaller if your users are on smaller screens). The website does not resize the image. You can upload a file up to 1 MB in size.

For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-home.htm

Argument

Description

background_file

optional string. If using a custom background, specify path to image file.

To remove an existing background, specify None for this argument and False for is_built_in argument.

is_built_in

optional bool, default=True. The built-in background is set by default.

If uploading a custom image, this parameter is ignored.

Returns

True | False

set_banner(banner_file=None, is_built_in=False, custom_html=None)

Configure your home page by setting the organization’s banner. You can choose one of the 5 built-in banners or upload your own. For best results the dimensions of the banner image should be 960 x 180 pixels. You can also specify a custom html for how the banner space should appear. For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-home.htm

Argument

Description

banner_file

optional string. If uploading a custom banner, then path to the

banner file. If using a built-in banner, valid values are banner-1, banner-2, banner-3, banner-4, banner-5. If None, existing banner is remove.

is_built_in

optional bool, default=False. Specify True if using a built-in

banner file.

custom_html

optional string. Specify exactly how the banner should appear in

html. For help on this, refer to http://server.arcgis.com/en/portal/latest/administer/windows/supported-html.htm

Returns

True | False

Configure your home page by setting the organization’s logo image. For best results the logo file should be 65 x 65 pixels in dimension.

For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-general.htm

Argument

Description

logo_file

optional string. Specify path to image file. If None, existing thumbnail is removed.

Returns

True | False

property summary

Allows the get/setting of a brief summary to describe your organization on the sign in page associated with its custom apps and sites. This summary has a maximum of 310 characters.

Argument

Description

text

Required string. The brief description of the organization.

Returns

string

property vector_basemap

gets/sets the default vector basemap

Federation

class arcgis.gis.admin.Federation(url, gis)

Bases: arcgis.gis.admin._base.BasePortalAdmin

This resource returns information about the ArcGIS Servers registered with Portal for ArcGIS.

federate(url, admin_url, username, password)

This operation enables ArcGIS Servers to be federated with Portal for ArcGIS.

Argument

Description

url:

Required string. The URL of the GIS server used by external users when accessing the ArcGIS Server site. If the site includes the Web Adaptor, the URL includes the Web Adaptor address, for example, https://webadaptor.domain.com/arcgis. If you’ve added ArcGIS Server to your organization’s reverse proxy server, the URL is the reverse proxy server address (for example, https://reverseproxy.domain.com/myorg). Note that the federation operation will perform a validation check to determine if the provided URL is accessible from the server site. If the resulting validation check fails, a warning will be generated in the Portal for ArcGIS logs. However, federation will not fail if the URL is not validated, as the URL may not be accessible from the server site, such as is the case when the server site is behind a firewall.

admin_url

Required string. The URL used for accessing ArcGIS Server when performing administrative operations on the internal network, for example, https://gisserver.domain.com:6443/arcgis.

username

Required string. The username of the primary site administrator account

password

Required string. password of the username above.

Returns

dict, server response with server ID

property servers

This resource returns detailed information about the ArcGIS Servers registered with Portal for ArcGIS, such as the ID of the server, name of the server, ArcGIS Web Adaptor URL, administration URL, and if the server is set as a hosting server.

unfederate(server_id)

This operation unfederates an ArcGIS Server from Portal for ArcGIS.

Argument

Description

server_id

Required string. The unique ID of the server

Returns

boolean

update(server_id, role, function=None)

This operation allows you to set an ArcGIS Server federated with Portal for ArcGIS as the hosting server or to enforce fine-grained access control to a federated server. You can also remove hosting server status from an ArcGIS Server. You can also remove hosting server status from an ArcGIS Server. To set a hosting server, an enterprise geodatabase must be registered as a managed database with the ArcGIS Server.

Argument

Description

server_id

Required string. The unique ID of the server

role

Required string. Whether the server is a hosting server for the portal, a federated server, or a server with restricted access to publishing. The allowed values are: FEDERATED_SERVER, FEDERATED_SERVER_WITH_RESTRICTED_PUBLISHING, or HOSTING_SERVER.

function

Optional string. This is the purpose of the ArcGIS Server. Values are: GeoAnalytics, RasterAnalytics, ImageHosting, or None

Returns

boolean

validate(server_id)

This operation provides status information about a specific ArcGIS Server federated with Portal for ArcGIS.

Argument

Description

server_id

Required string. The unique ID of the server

Returns

dict

validate_all()

This operation returns information on the status of ArcGIS Servers registered with Portal for ArcGIS.

Logs

class arcgis.gis.admin.Logs(url, gis)

Bases: arcgis.gis.admin._base.BasePortalAdmin

Logs are records written by various components of the portal. You can query the logs, clean the logs, and edit log settings.

Argument

Description

gis

required GIS, portal connection object

url

required string, web address of the log resource

clean()

Deletes all the log files on the machine hosting Portal for ArcGIS. This operation allows you to free up disk space. The logs cannot be recovered after executing this operation.

USAGE: Clean logs from your Portal Admin API

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
logs = gis.admin.logs
resp = logs.clean()
print(resp)

# Output
True
Returns

Boolean True or False depicting success

query(start_time, end_time=None, level='WARNING', query_filter='*', page_size=1000)

The query operation allows you to aggregate, filter, and page through logs written by the portal.

Argument

Description

start_time

required datetime/float. The most recent time to query.

Local date corresponding to the POSIX timestamp, such as is returned by time.time(). This may raise OverflowError, if the timestamp is out of the range of values supported by the platform. It’s common for this to be restricted to years from 1970 through 2038. Time can be specified as a portal timestamp (format in “%Y-%m-%dT%H:%M:%S”) or in seconds since UNIX epoch. For :Examples: Datetime Object: datetime.datetime.now() Timestamp: “2015-08-01T15:17:20,123” Seconds: 1312237040.123/time.time() Default: datetime.datetime.now()

end_time

optional datetime/float, The oldest time to include in the result set. You can use this to limit the query to the last number of minutes, hours, days, months, and years as needed.

Local date corresponding to the POSIX timestamp, such as is returned by time.time(). This may raise OverflowError, if the timestamp is out of the range of values supported by the platform. It’s common for this to be restricted to years from 1970 through 2038.

Datetime Object: datetime.datetime.now() Timestamp: “2015-08-01T15:17:20,123” Seconds: 1312237040.123/time.time() Default: datetime.datetime.now()

level

optional string, Can be one of [OFF, SEVERE, WARNING, INFO, FINE, VERBOSE, DEBUG]. Returns only records with a log level at or more severe than the level specified. Default: WARNING

query_filter

optional string, Filtering is allowed by any combination of codes, users, and source components. The filter accepts a comma delimited list of filter definitions. If any definition is omitted, it defaults to all (“*”). :Example: {“codes”:[204000-205999,212015,219114], “users”:[“admin”,”jcho”],

“source”: [“PORTAL ADMIN”]}

The source of logged events are generated from the sharing, administrative, and portal components of the software. For example:

  • Events related to publishing and users are categorized under SHARING.

  • Events related to security and indexing are categorized under PORTAL ADMIN.

  • Events related to installing the software are categorized under PORTAL.

page_size

optional integer, the number of log records to return. The default is 1000

Returns

dictionary of messages

property settings

Reads/writes the current log settings for the portal.

USAGE: Print out the Log Settings

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
logs = gis.admin.logs
logsettings = logs.settings
for key, value in dict(logsettings).items():
    print("{} : {}".format(key, value))

# Output
logDir : C:\arcgisportal\logs
logLevel : INFO
maxErrorReportsCount : 10
maxLogFileAge : 90
usageMeteringEnabled : False
Returns

Dictionary of key/value pairs of log settings

Machines

class arcgis.gis.admin.Machines(url, gis, portaladmin, **kwargs)

Bases: arcgis.gis.admin._base.BasePortalAdmin

This resource lists all the portal machines in a site. Each portal machine has a status that indicates whether the machine is ready to accept requests.

get(name)

allows for retrieval of a single instance of Machine by it’s registered name.

list()

provides a list of all registered machines with the local GIS

Security

class arcgis.gis.admin.Security(url, gis=None, **kwargs)

This resource is an umbrella for a collection of system-wide resources for your portal. This resource provides access to the ArcGIS Web Adaptor configuration, portal directories, database management server, indexing capabilities, license information, and the properties of your portal.

property config

The security configuration consists of the identity store configuration. If your portal will be authenticated through ArcGIS Web Adaptor, you must set up your preferred authentication on your web server. Use the Update Identity Store operation to configure your portal to connect to your enterprise identity provider such as Windows Domain or LDAP. By default, Portal for ArcGIS is configured to use the built-in store and token-based authentication.

property enterpriseusers

provides access into managing enterprise users

property groups

provides access to managing Enterprise Groups with Portal

property oauth

The OAuth resource contains a set of operations that update the OAuth2-specific properties of registered applications in Portal for ArcGIS.

property ssl

Provides access to managing and updating SSL Certificates on a Portal site.

property test_identity_store

This operation can be used to test the connection to a user or group store.

Argument

Description

user_config

Optional dict. The user store configuration

group_config

Optional dict. The group store configuration

Returns

dict

property tokens

This resource represents the token configuration within your portal. Use the set on token_config operation to change the configuration properties of the token service.

update_identity_store(user_config=None, group_config=None)

You can use this operation to change the identity provider and group store configuration in your portal. When Portal for ArcGIS is first installed, it supports token-based authentication and built-in groups using the built-in identity store for accounts. To configure your portal to connect to your enterprise authentication mechanism and group store, it must be configured to use an enterprise identity store such as Windows Active Directory or LDAP.

See: http://resources.arcgis.com/en/help/arcgis-rest-api/index.html#/Update_Identity_Store/02r300000249000000/

Argument

Description

user_config

Optional dict. The user store configuration

group_config

Optional dict. The group store configuration

Returns

dict

OAuth

class arcgis.gis.admin.OAuth(url, gis=None, **kwargs)

The OAuth resource contains a set of operations that update the OAuth2-specific properties of registered applications in Portal for ArcGIS.

property app_info

Every application registered with Portal for ArcGIS has a unique client ID and a list of redirect URIs that are used for OAuth. This operation returns these OAuth-specific properties of an application. You can use this information to update the redirect URIs by using the Update App Info operation.

update(current_id, new_id)

When new applications are registered with Portal for ArcGIS, a new client ID is generated for the application. This allows the application to access content from the portal. The new client ID does not work if the application developer has programmed against a specific ID. This operation can, therefore, be used to change the client ID to another value as specified by the application developer.

Argument

Description

current_id

Required string. The current client ID of an existing application.

new_id

Required string. The new client ID to assign to the application.

Returns

dict

SSLCertificate

class arcgis.gis.admin.SSLCertificate(url, gis=None, **kwargs)

represents a single registered certificate

delete()

This operation deletes an SSL certificate from the key store. Once a certificate is deleted, it cannot be retrieved or used to enable SSL.

export(out_path=None)

This operation downloads an SSL certificate. The file returned by the server is an X.509 certificate. The downloaded certificate can be imported into a client that is making HTTP requests.

Argument

Description

out_path

Required string. Save location of the certificate

Returns

string

generate_csr()

This operation generates a certificate signing request (CSR) for a self-signed certificate. A CSR is required by a CA to create a digitally signed version of your certificate.

Returns

string

import_signed_certificate(file_path)

imports a certificate authority (CA) signed SSL certificate into the key store.

Argument

Description

file_path

Required string. The location of the certificate

Returns

dict

SSLCertificates

class arcgis.gis.admin.SSLCertificates(url, gis=None, **kwargs)

Manages the Portal’s SSL Certificates

generate(alias, common_name, organization, key_algorithm='RSA', validity=90, key_size=2048, signature_algorithm='SHA256withRSA', unit='', city='', state='', country_code='', alt_name='')

Use this operation to create a self-signed certificate or as a starting point for getting a production-ready CA-signed certificate. The portal will generate a certificate for you and store it in its keystore.

Argument

Description

alias

Required string. The name of the certificate. This is a required parameter.

common_name

Required string. The common name used to identify the server for which the certificate is to be generated. This is a required parameter.

organization

Required string. The name of the organization. This is a required parameter.

key_algorithm

Optional string. The algorithm used to generate the key pairs. The default is RSA.

validity

Optional integer. The expiration time for the certificate in days. The default is 90.

key_size

Optional integer. The size of the key. The default is 2048.

signature_algorithm

Optional string. The algorithm used to sign the self-signed certificates. The default is derived from the key_algorithm parameter.

unit

Optional string. The department within which this server resides.

city

Optional string. The name of the city

state

Optional string. The name of the state

country_code

Optional string. The two letter abbrevation of the country

alt_name

Optional string. The common name used to identify the server for which the certificate is to be generated. This is a required parameter.

Returns

boolean

get(alias_name)

gets a single SSLCertificate object by the alias name

Argument

Description

alias_name

Required string. The common name of the certificate.

Returns

SSLCertificate Object

USAGE: Print out information about a specific SSL Certificate by alias name

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
# Get the SSL Certificate class
sslmgr = gis.admin.security.ssl
# Get a specific certificate alias and print information
ssl = sslmgr.get('portal')
for prop in ssl.properties:
    print(prop, ssl.properties[prop])]))

# Output
aliasName portal
issuer CN=YOURPORTAL.COM, OU=Self Signed Certificate
subject CN=YOURPORTAL.COM, OU=Self Signed Certificate
subjectAlternativeNames []
validFrom Fri Sep 15 07:46:45 EDT 2017
validUntil Sun Jul 24 07:46:45 EDT 2050
keyAlgorithm RSA
keySize 2048
serialNumber 503b23c6
version 3
signatureAlgorithm SHA256withRSA
keyUsage []
md5Fingerprint 76d695d72e46b30ea90013676d559faa
sha1Fingerprint 6f36513757c28ad43c2df5e4c7cee581ad18dd1e
sha256Fingerprint a051aab19d1ed8ceee7322572b3b1b2abd1ed680d0a1d81d0da84cf0e1a1b6cb
import_certificate(certificate, alias, norestart=False)

This operation imports a certificate authority’s (CA) root and intermediate certificates into the keystore. To create a production quality CA-signed certificate, you need to add the CA certificates into the keystore that enables the SSL mechanism to trust the CA (and the certificates it has signed). While most of the popular CA certificates are already available in the keystore, you can use this operation if you have a custom CA or specific intermediate certificates.

Argument

Description

certificate

Required string. The file location of the certificate file

alias

Required string. The name of the certificate

norestart

Optional boolean. Determines if the portal should be prevented from restarting after importing the certificate. By default this is false and the portal will restart. Added in 10.6.

Returns

boolean

USAGE: Import a trusted CA or Intermediate SSL Certificate into Portal Admin API

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
# Get the SSL Certificate class
sslmgr = gis.admin.security.ssl
# Load a trust CA certificate and restart Portal
resp = sslmgr.import_certificate(r'c:\temp\myTrustedCA.crt', 'myroot', norestart=False)
print(resp)

# Output
True
import_server_certificate(alias, password, certificate)

This operation imports an existing server certificate, stored in the PKCS #12 format, into the keystore. If the certificate is a CA signed certificate, you must first import the CA Root or Intermediate certificate using the Import Root or Intermediate Certificate operation.

Argument

Description

alias

Required string. The name of the certificate

password

Required string. The password for the certificate

certificate

Required string. The file location of the certificate file

Returns

boolean

list(force=False)

List of SSL Certificates as represented in the Portal Admin API

Argument

Description

force

Optional Boolean. If True, the certificate list will be refreshed, else, if a set of values is in memory, it will use those values. This is used when you want to ensure you have the most up to date list of certificates.

Returns

List of SSLCertificate objects

USAGE: Print out information about each SSL Certificate

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
# Get the SSL Certificate class
sslmgr = gis.admin.security.ssl
# Get a list of SSL Certificates
sslcerts = sslmgr.list()
# For each certificate, print its alias and issuer
for sslcert in sslcerts:
    print("{} : {}".format(dict(sslcert)['aliasName'], dict(sslcert)['issuer']))

# Output
portal : CN=YOURPORTAL.COM, OU=Self Signed Certificate
yourorgroot : CN=YourOrg Enterprise Root, DC=empty, DC=local
samlcert : CN=YOURPORTAL.COM, OU=Self Signed Certificate
ca_signed : CN=YourOrg Enterprise Root, DC=empty, DC=local
update(alias, protocols, cipher_suites)

Use this operation to configure the web server certificate, SSL protocols, and cipher suites used by the portal.

Argument

Description

alias

Required string. The name of the certificate. This is a required parameter. The certificate must be already present in the portal.

protocols

Required string. The SSL protocols the portal will use. Valid options are TLSv1, TLSv1.1, and TLSv1.2; values must be comma separated. By default, these options are all enabled.

cipher_suites

Required string. The cipher suites the portal will use. Valid options are:

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

  • TLS_RSA_WITH_AES_128_GCM_SHA256

  • TLS_RSA_WITH_AES_128_CBC_SHA256

  • TLS_RSA_WITH_AES_128_CBC_SHA

  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

By default, all of the above options are enabled. Values must be comma separated.

Returns

dict

EnterpriseUsers

class arcgis.gis.admin.EnterpriseUsers(url, gis=None, **kwargs)

The users resource is an umbrella for operations to manage members within Portal for ArcGIS. The resource returns the total number of members in the system.

create(username, password, first_name, last_name, email, role='org_user', level=2, provider='arcgis', idp_username=None, description=None, user_license=None)

This operation is used to pre-create built-in or enterprise accounts within the portal. The provider parameter is used to indicate the type of user account.

Argument

Description

username

Required string. The name of the user account

password

Required string. The password of the user account

first_name

Required string. The first name for the account

last_name

Required string. The last name for the account

email

Required string. The email for the account

role

Optional string. The role for the user account. The default value is org_user. Values org_admin | org_publisher | org_user | org_editor (Data Editor) | viewer

level

Optional integer. The account level to assign the user. Values 1 or 2

provider

Optional string. The provider for the account. The default value is arcgis. Values arcgis | enterprise

idp_username

Optional string. The name of the user as stored by the enterprise user store. This parameter is only required if the provider parameter is enterprise.

description

Optional string. A user description

user_license

Optional string. The user type for the account. (10.7+)

Values: creator, editor, advanced (GIS Advanced),

basic (GIS Basic), standard (GIS Standard), viewer, fieldworker

Returns

boolean

get(username)

This operation returns the description, full name, and email address for a single user in the enterprise identity (user) store configured with the portal. The username parameter is used to specify the enterprise username. If the user does not exist, an error is returned.

Argument

Description

username

Required string. Username of the enterprise account. For Windows Active Directory users, this can be either domainusername or just username. For LDAP users, the format is always username.

Returns

dict

refresh_users(users)

This operation iterates over every enterprise group configured in the portal and determines if the input user accounts belong to any of the configured enterprise groups. If there is any change in membership, the database and the indexes are updated for each user account. While portal automatically refreshes the memberships during a user login and during a periodic refresh (configured through the Update Identity Store operation), this operation allows an administrator to force a refresh.

Argument

Description

users

Required string. A comma seperated list of users.

Returns

dict

search(query='', max_count=255)

This operation searches users in the configured enterprise user store. You can narrow down the search using the filter parameter.

Argument

Description

query

Optional string. Where clause into parse down results

max_count

Optional integer. The maximum number of records to return

Returns

dict

update(username, idp_username)

This operation allows an administrator to update the idp_username for an enterprise user in the portal. This is used when migrating from accounts used with web-tier authentication to SAML authentication.

Argument

Description

username

Required string. Username of the enterprise account. For Windows Active Directory users, this can be either domainusername or just username. For LDAP users, the format is always username.

idp_username

Required string. The username used by the SAML identity provider

Returns

dict

EnterpriseGroups

class arcgis.gis.admin.EnterpriseGroups(url, gis=None, **kwargs)

The groups resource is an umbrella for operations to manage enterprise groups within the portal. The resource returns the total number of groups in the system.

get_group_users(name, query='', max_count=255)

This operation returns the users that are currently assigned to the enterprise group within the enterprise user/group store. You can use the filter parameter to narrow down the user search.

Argument

Description

name

Optional string. The name of the enterprise group

query

Optional string. Where clause into parse down results

max_count

Optional integer. The maximum number of records to return

Returns

dict

get_user_groups(username, query='', max_count=255)

This operation lists the groups assigned to a user account in the configured enterprise group store.

Argument

Description

username

Optional string. The name of the user account

query

Optional string. Where clause into parse down results

max_count

Optional integer. The maximum number of records to return

Returns

dict

refresh_groups(groups)

This operation iterates over every enterprise account configured in the portal and determines if the user account is a part of the input enterprise group. If there are any change in memberships, the database and the indexes are updated for each group. While portal automatically refreshes the memberships during a user login and during a periodic refresh configured through the Update Identity Store operation, this operation allows an administrator to force a refresh.

Argument

Description

groups

Required string. The comma seperated list of group names to be refreshed

Returns

dict

search(query='', max_count=255)

This operation searches groups in the configured enterprise group store. You can narrow down the search using the filter parameter.

Argument

Description

query

Optional string. Where clause into parse down results

max_count

Optional integer. The maximum number of records to return

Returns

dict

Site

class arcgis.gis.admin.Site(url, portaladmin, **kwargs)

Bases: arcgis.gis.admin._base.BasePortalAdmin

Site is the root resources used after a local GIS is installed. Here administrators can create, export, import, and join sites.

static create(con, url, username, password, full_name, email, content_store, description='', question_idx=None, question_ans=None, license_file=None, user_license=None)

The create site operation initializes and configures Portal for ArcGIS for use. It must be the first operation invoked after installation. Creating a new site involves:

  • Creating the initial administrator account

  • Creating a new database administrator account (which is same as the initial administrator account)

  • Creating token shared keys

  • Registering directories

This operation is time consuming, as the database is initialized and populated with default templates and content. If the database directory is not empty, this operation attempts to migrate the database to the current version while keeping its data intact. At the end of this operation, the web server that hosts the API is restarted.

Argument

Description

con

Required Connection. The connection object.

url

Required string. The portal administration url Ex: https://mysite.com/<web adaptor>/portaladmin

username

Required string. The initial admin account name

password

Required string. The password for initial admin account

full_name

Required string. The full name of the admin account

email

Required string. The account email address

content_store

Required string. JSON string including the path to the location of the site’s content.

description

Optional string. The optional description for the account

question_idx

Optional integer. The index of the secret question to retrieve a forgotten password

question_ans

Optional string. The answer to the secret question

license_file

Optional string. The portal license file. Starting at 10.7, you will obtain your portal license file - which contains information regarding your user types, apps, and app bundles-from My Esri. For more information, see Obtain a portal license file.

user_license

The user type for the initial administrator account. The values listed below are the user types that are compatible with the Administrator role.

Values: creatorUT, GISProfessionalBasicUT,

GISProfessionalStdUT, GISProfessionalAdvUT

Returns

dict

export_site(location)

This operation exports the portal site configuration to a location you specify. The exported file includes the following information:

Content directory - the content directory contains the data

associated with every item in the portal

Database dump file - a plain-text file that contains the SQL

commands required to reconstruct the portal database

Configuration store connection file - a JSON file that contains

the database connection information

Argument

Description

location

Required string. The path to the folder accessible to the portal where the exported site configuration will be written.

Returns

dict

USAGE: Export Portal Site to a location the Portal server has access to.  ** This can be a
       lengthy operation.

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
sitemgr = gis.admin.site
response = sitemgr.export_site(r'c:\temp')
print(response)

# Output
{'status': 'success', 'location': 'C:\Temp\June-9-2018-5-22-29-PM-EDT-FULL.portalsite'}
import_site(location)

The importSite operation lets you restore your site from a backup site configuration file that you created using the exportSite operation. It imports the site configuration file into the currently running portal site. The importSite operation will replace all site configurations with information included in the backup site configuration file. See the export_site operation documentation for details on what the backup file includes. The importSite operation also updates the portal content index.

Argument

Description

location

Required string. A file path to an exported configuration.

Returns

dict

join(admin_url, username, password)

The joinSite operation connects a portal machine to an existing site. You must provide an account with administrative privileges to the site for the operation to be successful. When an attempt is made to join a site, the site validates the administrative credentials, then returns connection information about its configuration store back to the portal machine. The portal machine then uses the connection information to work with the configuration store. If this is the first portal machine in your site, use the Create Site operation instead. The join operation:

  • Registers a machine to an existing site (active machine)

  • Creates a snapshot of the database of the active machine

  • Updates the token shared key

  • Updates Web Adaptor configurations

Sets up replication to keep the database of both machines in sync The operation is time-consuming as the database is configured on the machine and all configurations are applied from the active machine. After the operation is complete, the web server that hosts the API will be restarted.

Argument

Description

admin_url

Required string. The admin URL of the existing portal site to which a machine will be joined

username

Required string. The username for the initial administrator account of the existing portal site.

password

Required string. The password for the initial administrator account of the existing portal site.

Returns

dict

System

class arcgis.gis.admin.System(url, gis=None, **kwargs)

This resource is an umbrella for a collection of system-wide resources for your portal. This resource provides access to the ArcGIS Web Adaptor configuration, portal directories, database management server, indexing capabilities, license information, and the properties of your portal.

property content_discovery

This resource allows an administrator to enable or disable external content discovery from the portal website. Because some Esri-provided content requires external access to the internet, an administrator may choose to disable the content to prevent requests to ArcGIS Online resources. When disabling the content, a select group of items will be disabled:

  • All basemaps owned by “esri_[lang]”

  • All content owned by “esri_nav”

  • All content owned by “esri”

This resource will not disable ArcGIS Online utility services or Living Atlas content. For steps to disable these items, refer to the Portal Administrator guide.

When external content is disabled, System Languages are also disabled.

Argument

Description

value

required Boolean. If true, external content is enabled, else it is disabled.

Returns

boolean

property database

The database resource represents the database management system (DBMS) that contains all of the portal’s configuration and relationship rules. This resource also returns the name and version of the database server currently running in the portal. You can use the properety to update database accounts

property directories

The directories resource is a collection of directories that are used by the portal to store and manage content. Beginning at 10.2.1, Portal for ArcGIS supports five types of directories:

  • Content directory-The content directory contains the data associated with every item in the portal.

  • Database directory-The built-in security store and sharing rules are stored in a Database server that places files in the database directory.

  • Temporary directory - The temporary directory is used as a scratch workspace for all the portal’s runtime components.

  • Index directory-The index directory contains all the indexes associated with the content in the portal. The indexes are used for quick retrieval of information and for querying purposes.

  • Logs directory-Errors and warnings are written to text files in the log file directory. Each day, if new errors or warnings are encountered, a new log file is created.

If you would like to change the path for a directory, you can use the Edit Directory operation.

property index_status

The status resource allows you to view the status of the indexing service. You can view the number of users, groups, and search items in both the database (store) and the index. If the database and index do not match, indexing is either in progress or there is a problem with the index. It is recommended that you reindex to correct any issues. If indexing is in progress, you can monitor the status by refreshing the page.

Returns

dict

USAGE: Prints out current Index Status

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
sysmgr = gis.admin.system
idx_status = sysmgr.index_status
import json
print(json.dumps(idx_status, indent=2))

# Output
{
  "indexes": [
    {
      "name": "users",
      "databaseCount": 51,
      "indexCount": 51
    },
    {
      "name": "groups",
      "databaseCount": 325,
      "indexCount": 325
    },
    {
      "name": "search",
      "databaseCount": 8761,
      "indexCount": 8761
    }
  ]
}
property languages

This resource gets/sets which languages will appear in portal content search results. Use the Update languages operation to modify which language’content will be available.

property licenses

Portal for ArcGIS requires a valid license to function correctly. This resource returns the current status of the license. Starting at 10.2.1, Portal for ArcGIS enforces the license by checking the number of registered members and comparing it with the maximum number of members authorized by the license. Contact Esri Customer Service if you have questions about license levels or expiration properties.

property properties

Gets/Sets the system properties that have been modified to control the portal’s environment. The list of available properties are:

  • privatePortalURL-Informs the portal that it has a front end load-balancer/proxy reachable at the URL. This property is typically used to set up a highly available portal configuration

  • portalLocalhostName-Informs the portal back-end to advertise the value of this property as the local portal machine. This is typically used during federation and when the portal machine has one or more public host names.

  • httpProxyHost-Specifies the HTTP hostname of the proxy server

  • httpProxyPort-Specifies the HTTP port number of the proxy server

  • httpProxyUser-Specifies the HTTP proxy server username.

  • httpProxyPassword-Specifies the HTTP proxy server password.

  • isHttpProxyPasswordEncrypted-Set this property to false when you are configuring the HTTP proxy server password in plain text. After configuration, the password will be encrypted and this property will be set to true

  • httpsProxyHost-Specifies the HTTPS hostname of the proxy server

  • httpsProxyPort-Specifies the HTTPS port number of the proxy server

  • httpsProxyUser-Specifies the HTTPS proxy server username

  • httpsProxyPassword-Specifies the HTTPS proxy server password

  • isHttpsProxyPasswordEncrypted-Set this property to false when you are configuring the HTTPS proxy server password in plain text. After configuration, the password will be encrypted and this property will be set to true.

  • nonProxyHosts-If you want to federate ArcGIS Server and the site does not require use of the forward proxy, list the server machine or site in the nonProxyHosts property. Machine and domain items are separated using a pipe (|).

  • WebContextURL-If you are using a reverse proxy, set this property to reverse proxy URL.

  • ldapCertificateValidation Introduced at 10.7. When set to true, any encrypted LDAP communication (LDAPS) made from the portal to the user or group identity store will enforce certificate validation. The default value is false.

reindex(mode='FULL', includes=None)

This operation allows you to generate or update the indexes for content; such as users, groups, and items stored in the database (store). During the process of upgrading an earlier version of Portal for ArcGIS, you are required to update the indexes by running this operation. You can check the status of your indexes using the status resource.

Argument

Description

mode

Optional string. The mode in which the indexer should run. Values USER_MODE | GROUP_MODE | SEARCH_MODE | FULL

includes

Optional string. An optional comma separated list of elements to include in the index. This is useful if you want to only index certain items or user accounts.

Returns

boolean

property web_adaptors

The Web Adaptors resource lists the ArcGIS Web Adaptor configured with your portal. You can configure the Web Adaptor by using its configuration web page or the command line utility provided with the installation.

Licenses (Deprecated 10.7+)

class arcgis.gis.admin.Licenses(url, gis=None, **kwargs)

Portal for ArcGIS requires a valid license to function correctly. This resource returns the current status of the license. As of 10.2.1, Portal for ArcGIS enforces the license by checking the number of registered members and comparing it with the maximum number of members authorized by the license. Contact Esri Customer Service if you have questions about license levels or expiration properties. Starting at 10.5, Portal for ArcGIS enforces two levels of membership for licensing to define sets of privileges for registered members and their assigned roles.

Deprecated at ArcGIS Enterprise 10.7

entitlements(app='arcgisprodesktop')

This operation returns the currently queued entitlements for a product, such as ArcGIS Pro or Navigator for ArcGIS, and applies them when their start dates become effective. It’s possible that all entitlements imported using the Import Entitlements operation are effective immediately and no entitlements are added to the queue. In this case, the operation returns an empty result.

Argument

Description

app

Required string. The application lookup. Allowed values: appstudioweb,arcgisprodesktop,busanalystonline_2, drone2map,geoplanner,arcgisInsights,LRReporter, navigator, or RoadwayReporter

Returns

dict

import_entitlements(file, application)

This operation allows you to import entitlements for ArcGIS Pro and additional products such as Navigator for ArcGIS into your licensing portal. Once the entitlements have been imported, you can assign licenses to users within your portal. The operation requires an entitlements file that has been exported out of your ArcGIS License Server Administrator or out of My Esri, depending on the product. A typical entitlements file will have multiple parts, each representing a set of entitlements that are effective at a specific date. The parts that are effective immediately will be configured to be the current entitlements. Other parts will be added to a queue. The portal framework will automatically apply the parts when they become effective. You can use the Get Entitlements operation to see the parts that are in the queue. Each time this operation is invoked, it overwrites all existing entitlements, even the ones that are in the queue.

Argument

Description

file

Required string. The entitlement file to load into Enterprise.

application

Required string. The application identifier to be imported

Returns

dict

release_license(username)

If a user checks out an ArcGIS Pro license for offline or disconnected use, this operation releases the license for the specified account. A license can only be used with a single device running ArcGIS Pro. To check in the license, a valid access token and refresh token is required. If the refresh token for the device is lost, damaged, corrupted, or formatted, the user will not be able to check in the license. This prevents the user from logging in to ArcGIS Pro from any other device. As an administrator, you can release the license. This frees the outstanding license and allows the user to check out a new license or use ArcGIS Pro in a connected environment.

remove_all(application)

This operation removes all entitlements from the portal for ArcGIS Pro or additional products such as Navigator for ArcGIS and revokes all entitlements assigned to users for the specified product. The portal is no longer a licensing portal for that product. License assignments are retained on disk. Therefore, if you decide to configure this portal as a licensing portal for the product again in the future, all licensing assignments will be available in the website.

remove_entitlement(app='arcgisprodesktop')

deletes an entitlement from a site

Argument

Description

app

Required string. The application lookup. Allowed values: appstudioweb,arcgisprodesktop,busanalystonline_2, drone2map,geoplanner,arcgisInsights,LRReporter, navigator, or RoadwayReporter

Returns

dict

update_license_manager(info)

ArcGIS License Server Administrator works with your portal and enforces licenses for ArcGIS Pro. This operation allows you to change the license server connection information for your portal. When you import entitlements into portal using the Import Entitlements operation, a license server is automatically configured for you. If your license server changes after the entitlements have been imported, you only need to change the license server connection information. You can register a backup license manager for high availability of your licensing portal. When configuring a backup license manager, you need to make sure that the backup license manager has been authorized with the same organizational entitlements. After configuring the backup license manager, Portal for ArcGIS is restarted automatically. When the restart completes, the portal is configured with the backup license server you specified.

Argument

Description

info

Required string. The JSON representation of the license server connection information.

Returns

dict

PortalLicense

class arcgis.gis.admin.PortalLicense(url, gis=None, **kwargs)

The Enterprise portal requires a valid license to function correctly. This resource returns information for user types that are licensed for your organization.

Starting at 10.7, the Enterprise portal enforces user type licensing. Members are assigned a user type which determines the privileges that an be granted to the member through a role. Each user type may include access to specific apps and app bundles.

The license information returned for the organization includes the total number of registered members that can be added, the current number of members in the organization and the Portal for ArcGIS version. For each user type, the license information includes the ID, the maximum number of registered members that can be assigned, the number of members currently assigned the license and the expiration, in epoch time. In addition, this resource provides access to the Validate License, Import License, Populate License, Update License Manager, and Release License operations.

import_license(file)

The import_license operation is used to import a new license file. The portal license file contains your Enterprise portal’s user type, app and app bundle licenses. By importing a portal license file, you will be applying the licenses in the file to your organization.

Caution:

Importing a new portal license file will overwrite your organization’s current user type, app, and app bundle licenses. Before importing, verify that the new license file has sufficient user type, app, and app bundle licenses.

Argument

Description

file

Required String. The portal license file.

Returns

Boolean

populate()

The populate operation applies the license information from the license file that is used to create or upgrade your portal. This operation is only necessary as you create or upgrade your portal through the Portal Admin API.

Returns

boolean

release_license(username)

If a user checks out an ArcGIS Pro license for offline or disconnected use, this operation releases the license for the specified account. A license can only be used with a single device running ArcGIS Pro. To check in the license, a valid access token and refresh token is required. If the refresh token for the device is lost, damaged, corrupted, or formatted, the user will not be able to check in the license. This prevents the user from logging in to ArcGIS Pro from any other device. As an administrator, you can release the license. This frees the outstanding license and allows the user to check out a new license or use ArcGIS Pro in a connected environment.

Argument

Description

username

Required String. The user name of the account.

Returns

Boolean

update(info)

ArcGIS License Server Administrator works with your portal and enforces licenses for ArcGIS Pro. This operation allows you to change the license server connection information for your portal.

You can register a backup license manager for high availability of your licensing portal. After configuring the backup license manager, Portal for ArcGIS is restarted automatically. When the restart completes, the portal is configured with the backup license server you specified. When configuring a backup license manager, you will need to ensure that the backup is authorized using the same license file as your portal.

Note

Previously, premium apps were licensed individually through the portal. Starting at 10.7, there will no longer be separate licensing for apps; the portal’s user types, apps, and app bundles will be licensed using a single portal license file. Licensing ArcGIS Pro and Drone2Map requires licensing your Enterprise portal’s ArcGIS License Server Administrator (license manager). Previously, users were required to import a .lic file into the portal’s license manager. They would then generate a .json file through the license manager and import the file into portal. Now, users licensing ArcGIS Pro and Drone2Map import the same license file used to license their portal into their license manager. Users are no longer required to generate an additional license file in the license manager.

Argument

Description

info

Required Dict. The JSON representation of the license server connection information.

Returns

Boolean

Sample Usage

>>> gis.admin.system.licenses.update(info={ "hostname": "licensemanager.domain.com,backuplicensemanager.domain.com",
                                            "port": 27000
                                          })
True
validate(file, list_ut=False)

The validate operation is used to validate an input license file. Only valid license files can be imported into the Enterprise portal. If the provided file is valid, the operation will return user type, app bundle, and app information from the license file. If the file is invalid, the operation will fail and return an error message.

Argument

Description

file

Required String. The portal license file.

list_ut

Optional Boolean. Returns a list of user types that are compatible with the Administrator role. This identifies the user type(s) that can be assigned to the Initial Administrator Account when creating a portal.

Returns

Dict

Directory

class arcgis.gis.admin.Directory(url, gis=None, **kwargs)

A directory is a file system-based folder that contains a specific type of content for the portal. The physicalPath property of a directory locates the actual path of the folder on the file system. Beginning at 10.2.1, Portal for ArcGIS supports local directories and network shares as valid locations. During the Portal for ArcGIS installation, the setup program asks you for the root portal directory (that will contain all the portal’s sub directories). However, you can change each registered directory through this API.

property properties

The properties operation on a directory can be used to change the physical path and description properties of the directory. This is useful when changing the location of a directory from a local path to a network share. However, the API does not copy your content and data from the old path to the new path. This has to be done independently by the system administrator.

WebAdaptor

class arcgis.gis.admin.WebAdaptor(url, gis=None, **kwargs)

The ArcGIS Web Adaptor is a web application that runs in a front-end web server. One of the Web Adaptor’s primary responsibilities is to forward HTTP requests from end users to Portal for ArcGIS. The Web Adaptor acts a reverse proxy, providing the end users with an entry point to the system, hiding the back-end servers, and providing some degree of immunity from back-end failures. The front-end web server can authenticate incoming requests against your enterprise identity stores and provide specific authentication schemes such as Integrated Windows Authentication (IWA), HTTP Basic, or Digest. Most importantly, a Web Adaptor provides your end users with a well defined entry point to your system without exposing the internal details of your portal. Portal for ArcGIS will trust requests being forwarded by the Web Adaptor and will not challenge the user for any credentials. However, the authorization of the request (by looking up roles and permissions) is still enforced by the portal’s sharing rules.

unregister()

You can use this operation to unregister the ArcGIS Web Adaptor from your portal. Once a Web Adaptor has been unregistered, your portal will no longer trust the Web Adaptor and will not accept any credentials from it. This operation is typically used when you want to register a new Web Adaptor or when your old Web Adaptor needs to be updated.

WebAdaptors

class arcgis.gis.admin.WebAdaptors(url, gis=None, **kwargs)

The Web Adaptors resource lists the ArcGIS Web Adaptor configured with your portal. You can configure the Web Adaptor by using its configuration web page or the command line utility provided with the installation.

property configuration

Gets/Sets the common properties and configuration of the ArcGIS Web Adaptor configured with the portal.

list()

Returns all instances of WebAdaptors

USAGE: Get all Web Adaptors and list keys,values of first Web Adaptor object

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")

# Return a List of Web Adaptor objects
webadaptors = gis.admin.system.web_adaptors.list()

# Get the first Web Adaptor object and print out each of its values
for key, value in dict(webadaptors[0]).items():
    print("{} : {}".format(key, value))

# Output
machineName : yourportal.com
machineIP : 10.11.12.13
webAdaptorURL : https://yourwebserver.com/portal
id : ac17d7b9-adbd-4c45-ae13-77b0ad6f14e8
description :
httpPort : 80
httpsPort : 443
refreshServerListInterval : 1
reconnectServerOnFailureInterval : 1
Returns

List of Web Adaptor objects. Typically, only 1 Web Adaptor will exist for a Portal

WebhookManager

class arcgis.gis.admin.WebhookManager(url, gis)

Creates and manages ArcGIS Portal WebHooks. Webhooks allow you to be automatically notified when events associated with items, groups, and users occur. Once a webhook has been triggered, an HTTP request is made to a user-defined URL to provide information regarding the event.

create(name, url, events='ALL', number_of_failures=5, days_in_past=5, secret=None)

Creates a WebHook to monitor REST endpoints and report activities

Argument

Description

name

Required String. The name of the webhook.

url

Required String. This is the URL to which the webhook will deliver payloads to.

events

Otional List or String. The events accepts a list or all events can be monitored. This is done by passing “ALL” in as the events. If a list is provided, a specific endpoint can be monitored.

Item Trigger Events

Trigger event

URI example

All trigger events for all items

/items

Add item to the portal

/items/add

All trigger events for a specific item

/items/<itemID>

Delete a specific item

/items/<itemID>/delete

Update a specific item’s properties

/items/<itemID>/update

Move an item or changing ownership of the item

/items/<itemID>/move

Publish a specific item

/items/<itemID>/publish

Share a specific item

/items/<itemID>/share

Unshare a specific item

/items/<itemID>/unshare

Group Trigger Events

Trigger event

URI example

All trigger events for all groups

/groups

Add group

/groups/add

All trigger events for a specific group

/groups/<groupID>

Update a specific group

/groups/<groupID>/update

Delete a specific group

/groups/<groupID>/delete

Enable Delete Protection for a specific group

/groups/<groupID>/protect

Disable Delete Protection for a specific group

/groups/<groupID>/unprotect

Invite a user to a specific group

/groups/<groupID>/invite

Add a user to a specific group

/groups/<groupID>/addUsers

Remove a user from a specific group

/groups/<groupID>/removeUsers

Update a user’s role in a specific group

/groups/<groupID>/updateUsers

User Trigger Events

Trigger event

URI example

All trigger events for all users in the portal

/users

All trigger events associated with a specific user

/users/<username>

Delete a specific user

/users/<username>/delete

Update a specific user’s profile

/users/<username>/update

Disable a specific user’s account

/users/<username>/disable

Enable a specific user’s account

/users/<username>/enable

Example Syntax: [‘/users’, ‘/groups/abcd1234….’]

number_of_failures

Optional Integer. The number of failures to allow before the service

days_in_past

Option Integer. The number of days to report back on.

secret

Optional String. Add a Secret to your payload that can be used to authenticate the message on your receiver.

:returns WebHook

get(name)

finds a single instance of a webhook by name

list()

Returns a list of WebHook objects

property properties

returns the Webhook properties

property settings

There are several advanced parameters that can be used to configure the connection behavior of your webhook. These parameters will be applied to all of the configured webhooks in your Portal. Use the Update operation to modify any of the parameters.

** Dictionary Key/Values **

Argument

Description

notificationAttempts

Required Integer. This will determine how many attempts will be made to deliver a payload.

otificationTimeOutInSeconds

Required Integer. The length of time (in seconds) that Portal will wait to receive a response. The max response is 60.

notificationElapsedTimeInSeconds

Required Integer. The amount of time between each payload delivery attempt. By default, this is set to 30 seconds and can be set to a maximum of 100 seconds and a minimum of one second.

returns: dict

Webhook

class arcgis.gis.admin.Webhook(url, gis)

a single webhook

activate()
deactivate()

Temporarily pause the webhook. This will stop the webhook from delivering payloads when it is invoked. The webhook will be automatically deactivated when the deactivation policy is met.

Returns

boolean

delete()

Removes the current webhook from the system.

Returns

Boolean

property notifications

The notifications` will display information pertaining to trigger events associated with the specific webhook. You can use this table to monitor your webhook and the details of any delivered payloads such as the time the webhook was triggered, the response received from the payload URL, and the delivered payload data.

Returns

List

property properties
update(name=None, url=None, events=None, number_of_failures=None, days_in_past=None, secret=None)

The Update Webhook operation allows administrators to update any of the parameters of their webhook.

Argument

Description

name

Required String. The name of the webhook.

url

Required String. This is the URL to which the webhook will deliver payloads to.

events

Otional List or String. The events accepts a list of all events that can be monitored. This is done by passing “ALL” in as the events. If a list is provided, a specific endpoint can be monitored.

Item Trigger Events

Trigger event

URI example

All trigger events for all items

/items

Add item to the portal

/items/add

All trigger events for a specific item

/items/<itemID>

Delete a specific item

/items/<itemID>/delete

Update a specific item’s properties

/items/<itemID>/update

Move an item or changing ownership of the item

/items/<itemID>/move

Publish a specific item

/items/<itemID>/publish

Share a specific item

/items/<itemID>/share

Unshare a specific item

/items/<itemID>/unshare

Group Trigger Events

Trigger event

URI example

All trigger events for all groups

/groups

Add group

/groups/add

All trigger events for a specific group

/groups/<groupID>

Update a specific group

/groups/<groupID>/update

Delete a specific group

/groups/<groupID>/delete

Enable Delete Protection for a specific group

/groups/<groupID>/protect

Disable Delete Protection for a specific group

/groups/<groupID>/unprotect

Invite a user to a specific group

/groups/<groupID>/invite

Add a user to a specific group

/groups/<groupID>/addUsers

Remove a user from a specific group

/groups/<groupID>/removeUsers

Update a user’s role in a specific group

/groups/<groupID>/updateUsers

User Trigger Events

Trigger event

URI example

All trigger events for all users in the portal

/users

All trigger events associated with a specific user

/users/<username>

Delete a specific user

/users/<username>/delete

Update a specific user’s profile

/users/<username>/update

Disable a specific user’s account

/users/<username>/disable

Enable a specific user’s account

/users/<username>/enable

Example Syntax: [‘/users’, ‘/groups/abcd1234….’]

number_of_failures

Optional Integer. The number of failures to allow before the service

days_in_past

Option Integer. The number of days to report back on.

secret

Optional String. Add a Secret to your payload that can be used to authenticate the message on your receiver.

:returns Boolean