arcgis.gis.admin module

Classes for administering your GIS.

The gis.admin property is dynamically set at runtime based on what kind of GIS (ArcGIS Enterprise or ArcGIS Online) an administrator connects to. For ArcGIS Online GIS, administrators will get an instance of AGOLAdminManager from the gis.admin property. For ArcGIS Enterprise GIS , administrators will get an instance of PortalAdminManager from the gis.admin property.

AGOLAdminManager

class arcgis.gis.admin.AGOLAdminManager(gis, ux=None, metadata=None, collaborations=None)

Bases: object

This is the root resource for administering your online GIS. Starting from this root, all of the GIS’s environment is organized into a hierarchy of resources and operations.

Parameter: :param gis: GIS object containing Administrative credentials :param ux: the UX object (optional) :param metadata: the metadata manager object (optional) :param collaborations: the CollaborationManager object (optional)

category_schema

This resource allows for the setting and manipulating of catagory schemas.

collaborations

The collaborations resource lists all collaborations in which a portal participates

credits

manages the credits on a ArcGIS Online

history(start_date, num=100, save_folder=None)

Returns a CSV file containing the login history from a start_date to the present.

Argument Description
start_date Required datetime.datetime object. The beginning date.
num Optional Integer. The maximum number of records to return.
save_folder Optional String. The save location of the CSV file.
Returns:string
idp

This resource allows for the setting and configuration of the identity provider

license

provides a set of tools to access and manage user licenses and entitlements.

metadata

resources to work with metadata on GIS

password_policy

tools to manage a Site’s password policy

social_providers

This resource allows for the setting and configuration of the social providers for a GIS.

urls

returns the URLs to the Hosting and Tile Server for ArcGIS Online

usage_reports

provides access to the usage reports of the AGOL organization

ux

returns a UX/UI manager

PortalAdminManager

class arcgis.gis.admin.PortalAdminManager(url, gis=None, **kwargs)

Bases: arcgis.gis.admin._base.BasePortalAdmin

This is the root resource for administering your portal. Starting from this root, all of the portal’s environment is organized into a hierarchy of resources and operations. A version number is returned as a part of this resource. After installation, the portal can be configured using the Create Site operation. Once initialized, the portal environment is available through System and Security resources.

Parameter: :param url: web address to portaladmin API :param gis: GIS object containing Administrative credentials :param initialize: (optional) if True, properties of REST endpoint are loaded on creation of object. False (default) means they are loaded when needed.

category_schema

This resource allows for the setting and manipulating of catagory schemas.

collaborations

The collaborations resource lists all collaborations in which a portal participates

federation

provides access into the federation settings of a server.

history(start_date, num=100, save_folder=None)

Returns a CSV file containing the login history from a start_date to the present.

Argument Description
start_date Required datetime.datetime object. The beginning date.
num Optional Integer. The maximum number of records to return.
save_folder Optional String. The save location of the CSV file.
Returns:string
idp

This resource allows for the setting and configuration of the identity provider

license

provides a set of tools to access and manage user licenses and entitlements.

living_atlas

provides a set of tools to manage and setup Living Atlas content.

logs

returns a class to work with the portal logs

machines

This resource lists all the portal machines in a site. Each portal machine has a status that indicates whether the machine is ready to accept requests.

metadata

returns a set of tools to work with ArcGIS Enterprise metadata settings.

password_policy

tools to manage a Site’s password policy

security

accesses the controls for the security of a local portal site

servers

returns a server manager object

site

Site is the root resources used after a local GIS is installed. Here administrators can create, export, import, and join sites.

social_providers

This resource allows for the setting and configuration of the social providers for a GIS.

system

This resource provides access to the ArcGIS Web Adaptor configuration, portal directories, database management server, indexing capabilities, license information, and the properties of your portal.

ux

returns a UX/UI manager

Bundle

class arcgis.gis.admin.Bundle(url, properties=None, gis=None)

Bases: object

This represents a single instance of an application bundle

assign(users)

Assigns the current application bundle to a list of users

Argument Description
users Required List. A list of user names or User objects to assign the current application bundle to.
Returns:boolean
properties

returns the application bundles properties

revoke(users)

Revokes the current application bundle to a list of users

Argument Description
users Required List. A list of user names or User objects to remove the current application bundle to.
Returns:boolean
users

returns a list of users assigned the application bundle

CategoryManager

class arcgis.gis.admin.CategoryManager(gis)

Bases: object

This class allows for the addition, removal and viewing of category schema.

add(items, category)

Adds a category to an existing set of items

Argument Description
items Required Items. The content within a GIS that will be updated with a list of categories.
category Required String. Assigns a category value to the items.
>>> item = [gis.content.get("<item id 1>"),
            gis.content.get("<item id 2>")]
>>> cs = gis.admin.category_schema
>>> print(cs.add(items=[item], category="/Categories/TEST3"))
[{'results': [{'itemId': '<item id 1>', 'success': True}]},
 {'results': [{'itemId': '<item id 2>', 'success': True}]}]
Returns:dict
categorize_item(item, categories)

Assigns or removes a category to a single item.

Argument Description
item Required Item or Item ID (string). The content within a GIS that will be updated with a list of categories.
categories Required list. Assigns a list of string values to the item’s categories
Returns:boolean
remove(items, category)

remove a category to an item or items

replace(items, old_category, new_catgory)

finds and replaces a category value with a new value one

reset(items)

deletes all the categories for a given set of items

schema

Get/Sets the catagory schema for a GIS.

When schema is used as a getter, then operation returns the GIS’ defined category schema is any.

When schema is used as a setter, the parameter:

Argument Description
value

optional list. The schema list. Syntax Example: [

{

“title”: “Themes”, “categories”: [

{

“title”: “Basemaps”, “categories”: [

{“title”: “Partner Basemap”}, {

“title”: “Esri Basemaps”, “categories”: [

{“title”: “Esri Redlands Basemap”}, {“title”: “Esri Highland Basemap”}

]

}

]

},

{

“title”: “Region”, “categories”: [

{“title”: “US”}, {“title”: “World”}

]

}]}]

CollaborationManager

class arcgis.gis.admin.CollaborationManager(gis, portal_id=None)

Bases: object

accept_invitation(first_name, last_name, email, invitation_file=None, invitation_JSON=None, webauth_username=None, webauth_password=None, webauth_cert_file=None, webauth_cert_password=None)

The accept_invitation operation allows a portal to accept a collaboration invitation. The invitation file received securely from the collaboration host portal must be provided. Once a guest accepts an invitation to a collaboration, it must link workspace(s) associated with the collaboration to local portal group(s). The guest must export a collaboration invitation response file and send it to the host. Once the host processes the response, content can be shared between the host and guest(s).

Argument Description
first_name Required string. The first name of the contact person for the guest portal.
last_name Required string. The last name of the contact person.
email Required string. The email of the contact person.
invitation_file Optional string. The invite file to upload to portal. Use either this parameter or invitation_JSON.
invitation_JSON Optional string. The same contents as the invitation_file parameter but passed as a string. Use either this parameter or invitation_file.
webauth_username Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication user name.
webauth_password Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication password.
webauth_cert_file Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate file.
webauth_cert_password Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate password.
Returns:dict
collaborate_with(guest_gis, collaboration_name, collaboration_description)

A high level method to quickly establish a collaboration between two GIS. This method uses defaults wherever applicable and internally calls the create, accept_invitation and invite_participant methods. This method will create a new group and a new workspace in both the host and guest GIS for this collaboration. Invitation and response files created during the collaborations will be downloaded to the current working directory.

Use the other methods if you need fine-grained control over how the collaboration is set up.

Argument Description
guest_gis Required GIS. GIS object of the guest org or Enterprise.
collaboration_name Required string. A generic name for the collaboration. This name is used with prefixes such as wksp_<your_collab_name>, grp_<your_collab_name> to create the collaboration workspace and groups.
collaboration_description Optional string. A generic description for the collaboration.
Returns:boolean
create(name, description, workspace_name, workspace_description, portal_group_id, host_contact_first_name, host_contact_last_name, host_contact_email_address, access_mode='sendAndReceive')

The create method creates a collaboration. The host of the collaboration is the portal where it is created. The initial workspace for the collaboration is also created. A portal group in the host portal is linked to the workspace. The access mode for the host portal is set. The contact information associated with the host can be specified; otherwise, the contact information for the administrator user performing the operation will be used.

Argument Description
name Required string. Name of the collaboration
description Required string. Description of the collaboration
workspace_name Required string. The name of the initial workspace.
workspace_description Required string. The description of the initial workspace.
portal_group_id Required string. ID of group in the portal that will be linked with the workspace.
host_contact_first_name Required string. The first name of the contact person for the collaboration host portal.
host_contact_last_name Required string. The last name of the contact person for the collaboration host portal.
host_contact_email_address Required string. The email address of the contact person for the collaboration host portal.
access_mode Required string. The organization’s access mode to the workspace. Values: send | receive | sendAndReceive (default)
Returns:the data item is registered successfully, None otherwise
list()

gets all collaborations for a portal

validate_invitation(first_name, last_name, email, invitation_file=None, invitation_JSON=None, webauth_username=None, webauth_password=None, webauth_cert_file=None, webauth_cert_password=None)

The validate_invitation method allows a portal to validate a collaboration invitation. The invitation file received securely from the collaboration host portal must be provided. Validation checks include checking that the invitation is for the intended recipient.

Argument Description
first_name Required string. The first name of the contact person for the guest portal.
last_name Required string. The last name of the contact person.
email Required string. The email of the contact person.
invitation_file Optional string. The invite file to upload to portal. Use either this parameter or invitation_JSON.
invitation_JSON Optional string. The same contents as the invitation_file parameter but passed as a string. Use either this parameter or invitation_file.
webauth_username Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication user name.
webauth_password Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication password.
webauth_cert_file Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate file.
webauth_cert_password Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate password.
Returns:dict

Collaboration

class arcgis.gis.admin.Collaboration(collab_manager, collab_id, portal_id=None)

Bases: dict

The collaboration resource returns information about the collaboration with a specified ID.

add_group_to_workspace(portal_group, workspace)
This operation adds a group to a workspace that participates in a portal-to-portal collaboration. Content shared
to the portal group is shared to other participants in the collaboration.
Argument Description
portal_group Required Group of string. Group ID or object to add to the workspace.
Returns:dict
add_workspace(name, description, config, portal_group_id)

The add_workspace resource adds a new workspace to a portal-to-portal collaboration. Only collaboration hosts can create new workspaces.

Argument Description
name Required string. The name of the workspace.
description Required string. Brief description of the workspace.
portal_group_id Required string. The ID of the portal group linked with the workspace.
Returns:dict
delete()

The delete operation deletes a portal-to-portal collaboration from the host portal. This stops any sharing set up from the collaboration. The collaboration will be removed on guest portals on the next refresh of their content based on the collaboration sharing schedule. Guests cannot delete collaborations, but they can discontinue participation in a collaboration via the removeParticipation endpoint.

export_invitation(out_folder)

The exportInvitationResponse operation exports a collaboration invitation response file from a collaboration guest portal. The exported response file must be sent via email or through other communication channels that are established in your organization to the inviting portal’s administrator. The inviting portal’s administrator will then import your response file to complete the establishment of trust between your portals. It is important that the contents of this response file are not intercepted and tampered with by any unknown entity.

Argument Description
out_folder Required string. Save location of the file.
Returns:string
get_invitation(invitation_id)

The get_invitation operation returns the information about an invitation to participate in a portal-to-portal collaboration for a particular invitation with the specified ID.

get_participant(portal_id)

The participant operation provides information about the collaboration participant with a specified ID.

get_workspace(workspace_id)

The workspace resource provides information about the collaboration workspace with a specified ID.

import_invitation_response(response_file, webauth_username=None, webauth_password=None, webauth_cert_file=None, webauth_cert_password=None)

The importInvitationResponse operation imports an invitation response file from a portal collaboration guest. The operation is performed on the portal that serves as the collaboration host. Once an invitation response is imported, trust between the host and the guest is established. Sharing of content between participants can proceed from this point.

Argument Description
response_file Required string. File path to the response file.
webauth_username Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication user name.
webauth_password Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication password.
webauth_cert_file Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate file.
webauth_cert_password Optional string. If the collaboration host requires web-tier authentication, optionally use this parameter to provide the host’s web-tier authentication certificate password.
Returns:dict
invalidate(invitation_id)

The invalidate operation invalidates a previously generated portal-to-portal collaboration invitation. If a guest accepts this invitation and sends an invitation response for it, the response will not import successfully on the collaboration host.

invitations

The invitations operation returns the invitation information for all the invitations generated by a portal-to-portal collaboration host.

invite_participant(config_json, expiration=24, guest_portal_url=None, guest_gis=None, save_path=None)

As a collaboration host, once you have set up a new collaboration, you are ready to invite other portals as participants in your collaboration. The inviteParticipant operation allows you to invite other portals to your collaboration by creating an invitation file. You need to send this invitation file to the administrator of the portal you are inviting to your collaboration. This can be done via email or through other communication channels that are established in your organization. It is important that the contents of this invitation file are not intercepted and tampered with by any unknown entity. The invitation file is in the format collaboration-<guestHostDomain>.invite. The administrator of the participant will accept the invitation by importing the invitation file into their portal. Their acceptance is returned to you as another file that you must import into your portal using the import_invitation_response operation. This will establish trust between your portal and that of your participant.

Argument Description
config_json

Required dict. A dict containing a map of access modes for the participant in each of the collaboration workspaces. Defined as: send | receive | sendAndReceive

Example:
config_json = [
{“workspace_id” : “send”}, {“workspace_id2” : “receive”}, {“workspace_id3” : “sendAndReceive”}

]

expiration Optional integer. The time in UTC when the invitation to collaborate should expire.
guest_portal_url Optional string. The URL of the participating org or Enterprise that you want to invite to the collaboration.
guest_gis Optional GIS. GIS object to the guest collaboration site.
save_path Optional string. Path to download the invitation file to.
Returns:contents of a file that contains the invitation information
participants()

The participants resource provides information about all of the participants in a portal-to-portal collaboration.

refresh(invitation_id)

The refresh operation refreshes a previously generated portal-to-portal collaboration invitation. The new invitation file is provided via a multipart POST response. The expiration for the invitation is extended an additional 72 hours from the current time.

Argument Description
invitation_id Required string. ID of the invitation to refresh
Returns:dict
remove_participant(portal_id)

The remove operation allows a collaboration host to remove a participant from a portal-to-portal collaboration.

Argument Description
portal_id Required string. ID of the portal to remove.
Returns:dict
remove_participation()

The removeParticipation operation removes collaboration participation by a guest from a collaboration, allowing a guest to exit a collaboration. This immediately disables further replication of data to and from the portal and the other collaboration participants.

The remove_portal_group_link operation removes the link between a collaboration workspace and a portal group. Replication of content discontinues when the link is removed.

Argument Description
workspace_id Required string. Workspace ID to remove from the link.
Returns:dict
remove_workspace(workspace_id)

The delete operation deletes a collaboration workspace. This immediately disables further replication of data to and from the portal and the collaboration participants.

Argument Description
workspace_id Optional string. UID of the workspace to remove from the collaboration.
Returns:dict
update_access_modes(portal_id, workspace_access_json)

The update_access_modes operation updates the access mode for a specific participant in a portal-to-portal collaboration.

Argument Description
portal_id Required string. UID of the Portal
workspace_access_json Required dict/string. JSON describing the participant’s access mode.
Returns:dict
update_collaboration(name=None, description=None, config=None)

The updateInfo operation updates certain properties of a collaboration, primarily its name, description, and configuration properties. The updates are propagated to guests when the next scheduled refresh of content occurs.

Argument Description
name Optional string. Name of the collaboration
description Optional string. The description of the collaboration
config Optional dict. The configuration properties of the collaboration
Returns:dict

The updatePortalGroupLink operation updates the group linked with a workspace for a participant in a portal-to-portal collaboration. Content shared to the portal group is shared to other participants in the collaboration.

Argument Description
workspace_id Required string. UID of the workspace
portal_id Required string. UID of the Portal
enable_realtime_sync Optional boolean. Determines whether the content shared with the group is shared to other collaboration participants in real time, updating whenever changes are made, or whether the content is shared based on a schedule set by the collaboration host.
interval_hours Optional integer. sets the sharing schedule for the group
Returns:dict
update_workspace(workspace_id, name=None, description=None, config=None)

The updateInfo operation updates certain collaboration workspace properties.

Argument Description
workspace_id Required string. UID of the workspace
name Optional string. The name of the workspace
description Optional string. A brief set of texts that explains the workspace
config Optional dict. The configuration details of the new workspace
Returns:dict
validate_invitation_response(response_file)

Prior to importing a collaboration invitation response, the invitation response file can be validated by using the validate_invitation_response operation to check for the existence of the collaboration and validity of the invitation response file.

Argument Description
response_file Required string. Path to the collaboration response file.
Returns:dict
workspaces

The workspaces resource lists all the workspaces in a given collaboration. A workspace is a virtual space in the collaboration to which each participating portal is either sending or receiving content. Workspaces can only be created by the collaboration owner.

CreditManager

class arcgis.gis.admin.CreditManager(gis)

Bases: object

Manages an AGOL Site’s Credits for users and sites

Example Usage

from arcgis.gis import GIS
gis = GIS(profile='agol_account')
cm = gis.admin.credits
cm.allocate("user1", 100)
allocate(username, credits=None)

Allows organization administrators to allocate credits for organizational users in ArcGIS Online

Argument Description
username Required string.The name of the user to assign credits to.
credits Optional float. The number of credits to assign to a user. If None is provided, it sets user to unlimited credits.
Returns:boolean
credit_usage(start_time=None, end_time=None)

returns the total credit consumption for a given time period.

arguements description
start_time datetime.datetime object. This is the date to start at.
end_time datetime.datetime object. This is the stop time to look for credit consumption. It needs to be at least 1 day previous than then start_time.

returns: dictionary

credits

returns the current number of credits on the GIS

deallocate(username)

Allows organization administrators to remove credit allocation for organizational users in ArcGIS Online

Argument Description
username Required string.The name of the user to remove all credit from.
Returns:boolean
default_limit

Gets/Sets the default credit allocation for AGOL

disable()

disables credit allocation on AGOL

enable()

enables credit allocation on AGOL

is_enabled

boolean that show is credit credit assignment

License

class arcgis.gis.admin.License(gis, info)

Bases: object

Represents a single entitlement for a given organization.

Argument Description
gis required GIS, the gis connection object
info required dictionary, the information provided by the organization’s site containing the provision and listing information.
Returns:License Object
all()

returns a list of all usernames and their entitlements for this license

assign(username, entitlements, suppress_email=True)

grants a user an entitlement. =============== ==================================================== Argument Description ————— —————————————————- username required string, the name of the user you wish to

assign an entitlement to.

————— —————————————————- entitlments required list, a list of entitlements values ————— —————————————————- suppress_email optional boolean, if True, the org will not notify

a user that their entitlements has changed (default) If False, the org will send an email notifying a user that their entitlements have changed.
plot()

returns a simple bar chart of assigned and remaining entitlements

properties
report

returns a Panda’s Dataframe of the licensing count.

revoke(username, entitlements, suppress_email=True)

removes a specific license from a given entitlement

Argument Description
username required string, the name of the user you wish to assign an entitlement to.
entitlments required list, a list of entitlements values, if * is given, all entitlements will be revoked
suppress_email optional boolean, if True, the org will not notify a user that their entitlements has changed (default) If False, the org will send an email notifying a user that their entitlements have changed.
Returns:boolean
user_entitlement(username)

checks if a user has the entitlement assigned to them

Argument Description
username required string, the name of the user you want to examine the entitlements for.
Returns:dictionary

LicenseManager

class arcgis.gis.admin.LicenseManager(url, gis=None, initialize=True, **kwargs)

Bases: arcgis.gis.admin._base.BasePortalAdmin

Provides tools to work and manage licenses in ArcGIS Online and ArcGIS Enterprise (Portal)

Argument Description
url required string, the web address of the site to manage licenses. example: https://<org url>/<wa>/sharing/rest/portals/self/purchases
gis required GIS, the gis connection object
Returns:LicenseManager Object
all()

Returns all Licenses registered with an organization

Returns:list of License objects
bundles

Returns a list of Application Bundles for an Organization

Returns:list of Bundle objects
get(name)

retrieves a license by it’s name (title) =============== ==================================================== Argument Description ————— —————————————————- name required string, name of the entitlement to locate

on the organization. example: name=”arcgis pro”
offline_pro

Administrators can get/set the disconnect settings for the ArcGIS Pro licensing. A value of True means that a user can check out a license from the enterprise inorder to use it in a disconnected setting. By setting offline_pro to False, the enterprise users cannot check out licenses to work in a disconnected setting for ArcGIS Pro.

Returns:Boolean

IdentityProviderManager

class arcgis.gis.admin.IdentityProviderManager(gis=None)

Bases: object

Manages and Updates the SAML identity provider configuration for a given GIS.

configuration

Gets, updates, or Adds a SAML provider

Arguement Value
value

required dictionary. This property sets, updates or deletes an IDP configuration for a given GIS.

To configure an IDP, provide the key/value Example: idp.configuration = {‘name’ : ‘Enterprise IDP’,

‘idpMetadataFile’ : ‘metadata.xml’

}

Once a site has been configured to use IDP, the configuration can be updated by passing in the key/value pair dictionary. Example:

idp.configuration = {‘name’ : ‘Acme IDP Login’}

To erase an IDP configuration, set the value to None Example: idp.configuration = None

Everytime the IDP configuration is updated, the changes can be seen by calling the ‘configuration’ property and the new results will be returned as a dictionary.

Key:Value Dictionary for Argument value

Key Value
bindingPostUrl Optional string. If the idpMetadataFile isn’t specified when an administrator, this parameter is required. It is federated identity provider post url.
bindingUrl Optional string. If the idpMetadataFile isn’t specified when an administrator, this parameter is required. It is federated identity provider url that we have to redirect the user to login to.
certificate Optional string. the X509Certificate that needs to be used to validate the SamlResponse from the identity provider.
encryptionCertificate Optional string. the X509Certificate that needs to be used to validate the SamlResponse from the identity provider.
encryptionSupported Optional bool. Tells is the SAML provider supports encryption.
entityId Optional string. Name of the entity ID.
groups Optional list. List of group ids that users will be put in on when they signup to join the GIS.
id Optional string. unique identifier of the IDP provider.
idpMetadataFile Optional string. In the case the URL is not accessible, then the same IDP Metadata file can be uploaded.
level Optional integer. Either value 1 or 2. The default level a user will be created as. The default is 2.
logoutUrl Optional string. The logout SAML url.
name Optional string. It is the name of the organization’s federated identity provider. This is also the name we show up in the Signin page.
roleId Optional string. Default role new users will be.
signUpMode Optional string. This is how new users are added to the GIS. There are two modes: Invitation, Automatic Invitation user needs to get an invitation and then signin through federated identity provider. With Automatic all users that signin through the federated identity provider will be added as a user. The privilege/role is set to ‘user’ Default is Invitation.
supportSignedRequest Optional boolean. Determines if signed requests are supported from the provider.
supportsLogoutRequest Optional boolean. Determines if logout requests are accepted.
updateProfileAtSignin Optional boolean. If True, users have to update the profile.
useSHA256 Optional boolean. If set to true, SHA256 encryption will be used.
userCreditAssignment Optional integer. Assigns a set number of credits to new users. The default is -1 (infinite).
properties

returns the properties of the IDP configuration

PasswordPolicy

class arcgis.gis.admin.PasswordPolicy(url, gis=None, **kwargs)

Bases: arcgis.gis.admin._base.BasePortalAdmin

Manages a GIS Security Policy. Administrators can view, update or reset the site’s security policy.

policy

gets/sets the current security policy

reset()

resets the security policy to the default install settings

PortalResourceManager

class arcgis.gis.admin.PortalResourceManager(gis)

Bases: object

Helper class to manage a GIS’ resources

Argument Description
gis required GIS, connection to ArcGIS Online or ArcGIS Enterprise
add(key=None, path=None, text=None, **kwargs)

The add resource operation allows the administrator to add a file resource, for example, the organization’s logo or custom banner. The resource can be used by any member of the organization. File resources use storage space from your quota and are scanned for viruses.

Argument Description
key optional string, look up key for file
path optional string, file path to the local resource to upload
text optional string, text value to add to the site’s resources
access optional string, sets the access level for the resource. The default is ‘public’. Values: public, org, orgprivate
Returns:boolean
delete(key)

The Remove Resource operation allows the administrator to remove a file resource.

Argument Description
key optional string, look up key for file to delete
Returns:boolean
get(resource_name, download_path=None)

Download or get a portal resource item

Argument Description
resource_name optional string, key/name of data
download_path optional string, save folder location
Returns:path to data or raw data if not file.
list(start=1, num=100)

returns a list of resources uploaded to portal. The items can be images, files and other content used to stylize and modify a portal’s appearance.

Argument Description
start optional int, start location of the search. The default is a value of 1
num optional int, the number of search results to return at one time. The value ranges between 1-100 (max). Default: 100
Returns:boolean

UX

class arcgis.gis.admin.UX(gis)

Bases: object

Helper class for modifying the portal home page. This class is not created by users directly. An instance of the class, called ‘ux’, is available as a property of the GIS object. Users call methods on this ‘ux’ object to set banner, background, logo, name etc.

default_basemap

returns the site’s default extent

return:dictionary
default_extent

returns the site’s default extent

return:dictionary
description

Returns the site’s description.

return:dictionary
description_visibility

Returns the site’s description visibility

return:boolean
enable_comments

Turn on item comments

featured_content

Returns the featured content group information. The information can then be set using the ‘set_featured_content()’.

return:dictionary
Usage Example:
>>> data = ux.get_featured_content()
>>> ux.set_featured_content(data)
True
get_background(download_path)

Get your organization’s home page background image. You can use the set_background() method to set an image as the home page background image.

For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-home.htm

Argument Description
download_path required string. Folder path to download the background file.
Returns:Path to downloaded background file.
get_banner(download_path)

Get your organization’s home page banner image. You can use the set_banner() method to set an image or custom HTML code as your banner. ================ =============================================================== Argument Description —————- ————————————————————— download_path required string. Folder path to download the banner file. ================ ===============================================================

return:Path to downloaded banner file.

Get your organization’s logo/thumbnail. You can use the set_logo() method to set an image as your logo. ================ =============================================================== Argument Description —————- ————————————————————— download_path required string. Folder path to download the logo file. ================ ===============================================================

return:Path to downloaded logo file.
name

Returns the site’s name. The name can get defined using the ‘set_name()’.

return:string of the name of the site
set_background(background_file=None, is_built_in=True)

Configure your home page by setting the organization’s background image. You can choose no image, a built-in image or upload your own. If you upload your own image, the image is positioned at the top and center of the page. The image repeats horizontally if it is smaller than the browser or device window. For best results, if you want a single, nonrepeating background image, the image should be 1,920 pixels wide (or smaller if your users are on smaller screens). The website does not resize the image. You can upload a file up to 1 MB in size.

For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-home.htm

Argument Description
background_file
optional string. If using a custom background, specify path to image file.
To remove an existing background, specify None for this argument and False for is_built_in argument.
is_built_in
optional bool, default=True. The built-in background is set by default.
If uploading a custom image, this parameter is ignored.
Returns:True | False
set_banner(banner_file=None, is_built_in=False, custom_html=None)

Configure your home page by setting the organization’s banner. You can choose one of the 5 built-in banners or upload your own. For best results the dimensions of the banner image should be 960 x 180 pixels. You can also specify a custom html for how the banner space should appear. For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-home.htm

Argument Description
banner_file
optional string. If uploading a custom banner, then path to the
banner file. If using a built-in banner, valid values are banner-1, banner-2, banner-3, banner-4, banner-5. If None, existing banner is remove.
is_built_in
optional bool, default=False. Specify True if using a built-in
banner file.
custom_html
optional string. Specify exactly how the banner should appear in
html. For help on this, refer to http://server.arcgis.com/en/portal/latest/administer/windows/supported-html.htm
Returns:True | False

Configure your home page by setting the organization’s logo image. For best results the logo file should be 65 x 65 pixels in dimension.

For more information, refer to http://server.arcgis.com/en/portal/latest/administer/windows/configure-general.htm

Argument Description
logo_file optional string. Specify path to image file. If None, existing thumbnail is removed.
Returns:True | False
summary

Allows the get/setting of a brief summary to describe your organization on the sign in page associated with its custom apps and sites. This summary has a maximum of 310 characters.

Argument Description
text Required string. The brief description of the organization.
Returns:string
vector_basemap

gets/sets the default vector basemap

Federation

class arcgis.gis.admin.Federation(url, gis)

Bases: arcgis.gis.admin._base.BasePortalAdmin

This resource returns information about the ArcGIS Servers registered with Portal for ArcGIS.

federate(url, admin_url, username, password)

This operation enables ArcGIS Servers to be federated with Portal for ArcGIS.

Argument Description
url: Required string. The URL of the GIS server used by external users when accessing the ArcGIS Server site. If the site includes the Web Adaptor, the URL includes the Web Adaptor address, for example, https://webadaptor.domain.com/arcgis. If you’ve added ArcGIS Server to your organization’s reverse proxy server, the URL is the reverse proxy server address (for example, https://reverseproxy.domain.com/myorg). Note that the federation operation will perform a validation check to determine if the provided URL is accessible from the server site. If the resulting validation check fails, a warning will be generated in the Portal for ArcGIS logs. However, federation will not fail if the URL is not validated, as the URL may not be accessible from the server site, such as is the case when the server site is behind a firewall.
admin_url Required string. The URL used for accessing ArcGIS Server when performing administrative operations on the internal network, for example, https://gisserver.domain.com:6443/arcgis.
username Required string. The username of the primary site administrator account
password Required string. password of the username above.
Returns:dict, server response with server ID
servers

This resource returns detailed information about the ArcGIS Servers registered with Portal for ArcGIS, such as the ID of the server, name of the server, ArcGIS Web Adaptor URL, administration URL, and if the server is set as a hosting server.

unfederate(server_id)

This operation unfederates an ArcGIS Server from Portal for ArcGIS.

Argument Description
server_id Required string. The unique ID of the server
Returns:boolean
update(server_id, role, function=None)

This operation allows you to set an ArcGIS Server federated with Portal for ArcGIS as the hosting server or to enforce fine-grained access control to a federated server. You can also remove hosting server status from an ArcGIS Server. You can also remove hosting server status from an ArcGIS Server. To set a hosting server, an enterprise geodatabase must be registered as a managed database with the ArcGIS Server.

Argument Description
server_id Required string. The unique ID of the server
role Required string. Whether the server is a hosting server for the portal, a federated server, or a server with restricted access to publishing. The allowed values are: FEDERATED_SERVER, FEDERATED_SERVER_WITH_RESTRICTED_PUBLISHING, or HOSTING_SERVER.
function Optional string. This is the purpose of the ArcGIS Server. Values are: GeoAnalytics, RasterAnalytics, ImageHosting, or None
Returns:boolean
validate(server_id)

This operation provides status information about a specific ArcGIS Server federated with Portal for ArcGIS.

Argument Description
server_id Required string. The unique ID of the server
Returns:dict
validate_all()

This operation returns information on the status of ArcGIS Servers registered with Portal for ArcGIS.

Logs

class arcgis.gis.admin.Logs(url, gis)

Bases: arcgis.gis.admin._base.BasePortalAdmin

Logs are records written by various components of the portal. You can query the logs, clean the logs, and edit log settings.

Argument Description
gis required GIS, portal connection object
url required string, web address of the log resource
clean()

Deletes all the log files on the machine hosting Portal for ArcGIS. This operation allows you to free up disk space. The logs cannot be recovered after executing this operation.

USAGE: Clean logs from your Portal Admin API

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
logs = gis.admin.logs
resp = logs.clean()
print(resp)

# Output
True
Returns:Boolean True or False depicting success
query(start_time, end_time=None, level='WARNING', query_filter='*', page_size=1000)

The query operation allows you to aggregate, filter, and page through logs written by the portal.

Argument Description
start_time

required datetime/float. The most recent time to query.

Local date corresponding to the POSIX timestamp, such as is returned by time.time(). This may raise OverflowError, if the timestamp is out of the range of values supported by the platform. It’s common for this to be restricted to years from 1970 through 2038. Time can be specified as a portal timestamp (format in “%Y-%m-%dT%H:%M:%S”) or in seconds since UNIX epoch. For :Examples: Datetime Object: datetime.datetime.now() Timestamp: “2015-08-01T15:17:20,123” Seconds: 1312237040.123/time.time() Default: datetime.datetime.now()

end_time

optional datetime/float, The oldest time to include in the result set. You can use this to limit the query to the last number of minutes, hours, days, months, and years as needed.

Local date corresponding to the POSIX timestamp, such as is returned by time.time(). This may raise OverflowError, if the timestamp is out of the range of values supported by the platform. It’s common for this to be restricted to years from 1970 through 2038.

Datetime Object: datetime.datetime.now() Timestamp: “2015-08-01T15:17:20,123” Seconds: 1312237040.123/time.time() Default: datetime.datetime.now()

level optional string, Can be one of [OFF, SEVERE, WARNING, INFO, FINE, VERBOSE, DEBUG]. Returns only records with a log level at or more severe than the level specified. Default: WARNING
query_filter

optional string, Filtering is allowed by any combination of codes, users, and source components. The filter accepts a comma delimited list of filter definitions. If any definition is omitted, it defaults to all (“*”). :Example: {“codes”:[204000-205999,212015,219114], “users”:[“admin”,”jcho”],

“source”: [“PORTAL ADMIN”]}

The source of logged events are generated from the sharing, administrative, and portal components of the software. For example:

  • Events related to publishing and users are categorized under SHARING.
  • Events related to security and indexing are categorized under PORTAL ADMIN.
  • Events related to installing the software are categorized under PORTAL.
page_size optional integer, the number of log records to return. The default is 1000
Returns:dictionary of messages
settings

Reads/writes the current log settings for the portal.

USAGE: Print out the Log Settings

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
logs = gis.admin.logs
logsettings = logs.settings
for key, value in dict(logsettings).items():
    print("{} : {}".format(key, value))

# Output
logDir : C:\arcgisportal\logs
logLevel : INFO
maxErrorReportsCount : 10
maxLogFileAge : 90
usageMeteringEnabled : False
Returns:Dictionary of key/value pairs of log settings

Machines

class arcgis.gis.admin.Machines(url, gis, portaladmin, **kwargs)

Bases: arcgis.gis.admin._base.BasePortalAdmin

This resource lists all the portal machines in a site. Each portal machine has a status that indicates whether the machine is ready to accept requests.

get(name)

allows for retrieval of a single instance of Machine by it’s registered name.

list()

provides a list of all registered machines with the local GIS

Security

class arcgis.gis.admin.Security(url, gis=None, **kwargs)

This resource is an umbrella for a collection of system-wide resources for your portal. This resource provides access to the ArcGIS Web Adaptor configuration, portal directories, database management server, indexing capabilities, license information, and the properties of your portal.

config

The security configuration consists of the identity store configuration. If your portal will be authenticated through ArcGIS Web Adaptor, you must set up your preferred authentication on your web server. Use the Update Identity Store operation to configure your portal to connect to your enterprise identity provider such as Windows Domain or LDAP. By default, Portal for ArcGIS is configured to use the built-in store and token-based authentication.

enterpriseusers

provides access into managing enterprise users

groups

provides access to managing Enterprise Groups with Portal

oauth

The OAuth resource contains a set of operations that update the OAuth2-specific properties of registered applications in Portal for ArcGIS.

ssl

Provides access to managing and updating SSL Certificates on a Portal site.

test_identity_store

This operation can be used to test the connection to a user or group store.

Argument Description
user_config Optional dict. The user store configuration
group_config Optional dict. The group store configuration
Returns:dict
tokens

This resource represents the token configuration within your portal. Use the set on token_config operation to change the configuration properties of the token service.

update_identity_store(user_config=None, group_config=None)

You can use this operation to change the identity provider and group store configuration in your portal. When Portal for ArcGIS is first installed, it supports token-based authentication and built-in groups using the built-in identity store for accounts. To configure your portal to connect to your enterprise authentication mechanism and group store, it must be configured to use an enterprise identity store such as Windows Active Directory or LDAP.

See: http://resources.arcgis.com/en/help/arcgis-rest-api/index.html#/Update_Identity_Store/02r300000249000000/

Argument Description
user_config Optional dict. The user store configuration
group_config Optional dict. The group store configuration
Returns:dict

OAuth

class arcgis.gis.admin.OAuth(url, gis=None, **kwargs)

The OAuth resource contains a set of operations that update the OAuth2-specific properties of registered applications in Portal for ArcGIS.

app_info

Every application registered with Portal for ArcGIS has a unique client ID and a list of redirect URIs that are used for OAuth. This operation returns these OAuth-specific properties of an application. You can use this information to update the redirect URIs by using the Update App Info operation.

update(current_id, new_id)

When new applications are registered with Portal for ArcGIS, a new client ID is generated for the application. This allows the application to access content from the portal. The new client ID does not work if the application developer has programmed against a specific ID. This operation can, therefore, be used to change the client ID to another value as specified by the application developer.

Argument Description
current_id Required string. The current client ID of an existing application.
new_id Required string. The new client ID to assign to the application.
Returns:dict

SSLCertificate

class arcgis.gis.admin.SSLCertificate(url, gis=None, **kwargs)

represents a single registered certificate

delete()

This operation deletes an SSL certificate from the key store. Once a certificate is deleted, it cannot be retrieved or used to enable SSL.

export(out_path=None)

This operation downloads an SSL certificate. The file returned by the server is an X.509 certificate. The downloaded certificate can be imported into a client that is making HTTP requests.

Argument Description
out_path Required string. Save location of the certificate
Returns:string
generate_csr()

This operation generates a certificate signing request (CSR) for a self-signed certificate. A CSR is required by a CA to create a digitally signed version of your certificate.

Returns:string
import_signed_certificate(file_path)

imports a certificate authority (CA) signed SSL certificate into the key store.

Argument Description
file_path Required string. The location of the certificate
Returns:dict

SSLCertificates

class arcgis.gis.admin.SSLCertificates(url, gis=None, **kwargs)

Manages the Portal’s SSL Certificates

generate(alias, common_name, organization, key_algorithm='RSA', validity=90, key_size=2048, signature_algorithm='SHA256withRSA', unit='', city='', state='', country_code='', alt_name='')

Use this operation to create a self-signed certificate or as a starting point for getting a production-ready CA-signed certificate. The portal will generate a certificate for you and store it in its keystore.

Argument Description
alias Required string. The name of the certificate. This is a required parameter.
common_name Required string. The common name used to identify the server for which the certificate is to be generated. This is a required parameter.
organization Required string. The name of the organization. This is a required parameter.
key_algorithm Optional string. The algorithm used to generate the key pairs. The default is RSA.
validity Optional integer. The expiration time for the certificate in days. The default is 90.
key_size Optional integer. The size of the key. The default is 2048.
signature_algorithm Optional string. The algorithm used to sign the self-signed certificates. The default is derived from the key_algorithm parameter.
unit Optional string. The department within which this server resides.
city Optional string. The name of the city
state Optional string. The name of the state
country_code Optional string. The two letter abbrevation of the country
alt_name Optional string. The common name used to identify the server for which the certificate is to be generated. This is a required parameter.
Returns:boolean
get(alias_name)

gets a single SSLCertificate object by the alias name

Argument Description
alias_name Required string. The common name of the certificate.
Returns:SSLCertificate Object
USAGE: Print out information about a specific SSL Certificate by alias name

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
# Get the SSL Certificate class
sslmgr = gis.admin.security.ssl
# Get a specific certificate alias and print information
ssl = sslmgr.get('portal')
for prop in ssl.properties:
    print(prop, ssl.properties[prop])]))

# Output
aliasName portal
issuer CN=YOURPORTAL.COM, OU=Self Signed Certificate
subject CN=YOURPORTAL.COM, OU=Self Signed Certificate
subjectAlternativeNames []
validFrom Fri Sep 15 07:46:45 EDT 2017
validUntil Sun Jul 24 07:46:45 EDT 2050
keyAlgorithm RSA
keySize 2048
serialNumber 503b23c6
version 3
signatureAlgorithm SHA256withRSA
keyUsage []
md5Fingerprint 76d695d72e46b30ea90013676d559faa
sha1Fingerprint 6f36513757c28ad43c2df5e4c7cee581ad18dd1e
sha256Fingerprint a051aab19d1ed8ceee7322572b3b1b2abd1ed680d0a1d81d0da84cf0e1a1b6cb
import_certificate(certificate, alias, norestart=False)

This operation imports a certificate authority’s (CA) root and intermediate certificates into the keystore. To create a production quality CA-signed certificate, you need to add the CA certificates into the keystore that enables the SSL mechanism to trust the CA (and the certificates it has signed). While most of the popular CA certificates are already available in the keystore, you can use this operation if you have a custom CA or specific intermediate certificates.

Argument Description
certificate Required string. The file location of the certificate file
alias Required string. The name of the certificate
norestart Optional boolean. Determines if the portal should be prevented from restarting after importing the certificate. By default this is false and the portal will restart. Added in 10.6.
Returns:boolean
USAGE: Import a trusted CA or Intermediate SSL Certificate into Portal Admin API

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
# Get the SSL Certificate class
sslmgr = gis.admin.security.ssl
# Load a trust CA certificate and restart Portal
resp = sslmgr.import_certificate(r'c:\temp\myTrustedCA.crt', 'myroot', norestart=False)
print(resp)

# Output
True
import_server_certificate(alias, password, certificate)

This operation imports an existing server certificate, stored in the PKCS #12 format, into the keystore. If the certificate is a CA signed certificate, you must first import the CA Root or Intermediate certificate using the Import Root or Intermediate Certificate operation.

Argument Description
alias Required string. The name of the certificate
password Required string. The password for the certificate
certificate Required string. The file location of the certificate file
Returns:boolean
list(force=False)

List of SSL Certificates as represented in the Portal Admin API

Argument Description
force Optional Boolean. If True, the certificate list will be refreshed, else, if a set of values is in memory, it will use those values. This is used when you want to ensure you have the most up to date list of certificates.
Returns:List of SSLCertificate objects
USAGE: Print out information about each SSL Certificate

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
# Get the SSL Certificate class
sslmgr = gis.admin.security.ssl
# Get a list of SSL Certificates
sslcerts = sslmgr.list()
# For each certificate, print its alias and issuer
for sslcert in sslcerts:
    print("{} : {}".format(dict(sslcert)['aliasName'], dict(sslcert)['issuer']))

# Output
portal : CN=YOURPORTAL.COM, OU=Self Signed Certificate
yourorgroot : CN=YourOrg Enterprise Root, DC=empty, DC=local
samlcert : CN=YOURPORTAL.COM, OU=Self Signed Certificate
ca_signed : CN=YourOrg Enterprise Root, DC=empty, DC=local
update(alias, protocols, cipher_suites)

Use this operation to configure the web server certificate, SSL protocols, and cipher suites used by the portal.

Argument Description
alias Required string. The name of the certificate. This is a required parameter. The certificate must be already present in the portal.
protocols Required string. The SSL protocols the portal will use. Valid options are TLSv1, TLSv1.1, and TLSv1.2; values must be comma separated. By default, these options are all enabled.
cipher_suites

Required string. The cipher suites the portal will use. Valid options are:

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

By default, all of the above options are enabled. Values must be comma separated.

Returns:dict

EnterpriseUsers

class arcgis.gis.admin.EnterpriseUsers(url, gis=None, **kwargs)

The users resource is an umbrella for operations to manage members within Portal for ArcGIS. The resource returns the total number of members in the system.

create(username, password, first_name, last_name, email, role='org_user', level=2, provider='arcgis', idp_username=None, description=None)

This operation is used to pre-create built-in or enterprise accounts within the portal. The provider parameter is used to indicate the type of user account.

Argument Description
username Required string. The name of the user account
password Required string. The password of the user account
first_name Required string. The first name for the account
last_name Required string. The last name for the account
email Required string. The email for the account
role Optional string. The role for the user account. The default value is org_user. Values org_user | org_publisher | org_admin
level Optional integer. The account level to assign the user. Values 1 or 2
provider Optional string. The provider for the account. The default value is arcgis. Values arcgis | enterprise
idp_username Optional string. The name of the user as stored by the enterprise user store. This parameter is only required if the provider parameter is enterprise.
description Optional string. A user description
Returns:boolean
get(username)

This operation returns the description, full name, and email address for a single user in the enterprise identity (user) store configured with the portal. The username parameter is used to specify the enterprise username. If the user does not exist, an error is returned.

Argument Description
username Required string. Username of the enterprise account. For Windows Active Directory users, this can be either domainusername or just username. For LDAP users, the format is always username.
Returns:dict
refresh_users(users)

This operation iterates over every enterprise group configured in the portal and determines if the input user accounts belong to any of the configured enterprise groups. If there is any change in membership, the database and the indexes are updated for each user account. While portal automatically refreshes the memberships during a user login and during a periodic refresh (configured through the Update Identity Store operation), this operation allows an administrator to force a refresh.

Argument Description
users Required string. A comma seperated list of users.
Returns:dict
search(query='', max_count=255)

This operation searches users in the configured enterprise user store. You can narrow down the search using the filter parameter.

Argument Description
query Optional string. Where clause into parse down results
max_count Optional integer. The maximum number of records to return
Returns:dict
update(username, idp_username)

This operation allows an administrator to update the idp_username for an enterprise user in the portal. This is used when migrating from accounts used with web-tier authentication to SAML authentication.

Argument Description
username Required string. Username of the enterprise account. For Windows Active Directory users, this can be either domainusername or just username. For LDAP users, the format is always username.
idp_username Required string. The username used by the SAML identity provider
Returns:dict

EnterpriseGroups

class arcgis.gis.admin.EnterpriseGroups(url, gis=None, **kwargs)

The groups resource is an umbrella for operations to manage enterprise groups within the portal. The resource returns the total number of groups in the system.

get_group_users(name, query='', max_count=255)

This operation returns the users that are currently assigned to the enterprise group within the enterprise user/group store. You can use the filter parameter to narrow down the user search.

Argument Description
name Optional string. The name of the enterprise group
query Optional string. Where clause into parse down results
max_count Optional integer. The maximum number of records to return
Returns:dict
get_user_groups(username, query='', max_count=255)

This operation lists the groups assigned to a user account in the configured enterprise group store.

Argument Description
username Optional string. The name of the user account
query Optional string. Where clause into parse down results
max_count Optional integer. The maximum number of records to return
Returns:dict
refresh_groups(groups)

This operation iterates over every enterprise account configured in the portal and determines if the user account is a part of the input enterprise group. If there are any change in memberships, the database and the indexes are updated for each group. While portal automatically refreshes the memberships during a user login and during a periodic refresh configured through the Update Identity Store operation, this operation allows an administrator to force a refresh.

Argument Description
groups Required string. The comma seperated list of group names to be refreshed
Returns:dict
search(query='', max_count=255)

This operation searches groups in the configured enterprise group store. You can narrow down the search using the filter parameter.

Argument Description
query Optional string. Where clause into parse down results
max_count Optional integer. The maximum number of records to return
Returns:dict

Site

class arcgis.gis.admin.Site(url, portaladmin, **kwargs)

Bases: arcgis.gis.admin._base.BasePortalAdmin

Site is the root resources used after a local GIS is installed. Here administrators can create, export, import, and join sites.

static create(con, url, username, password, full_name, email, content_store, description='', question_idx=None, question_ans=None)

The create site operation initializes and configures Portal for ArcGIS for use. It must be the first operation invoked after installation. Creating a new site involves:

  • Creating the initial administrator account
  • Creating a new database administrator account (which is same as the initial administrator account)
  • Creating token shared keys
  • Registering directories

This operation is time consuming, as the database is initialized and populated with default templates and content. If the database directory is not empty, this operation attempts to migrate the database to the current version while keeping its data intact. At the end of this operation, the web server that hosts the API is restarted.

Argument Description
con Required Connection. The connection object.
url Required string. The portal administration url Ex: https://mysite.com/<web adaptor>/portaladmin
username Required string. The initial admin account name
password Required string. The password for initial admin account
full_name Required string. The full name of the admin account
email Required string. The account email address
content_store Required string. JSON string including the path to the location of the site’s content.
description Optional string. The optional description for the account
question_idx Optional integer. The index of the secret question to retrieve a forgotten password
question_ans Optional string. The answer to the secret question
Returns:dict
export_site(location)

This operation exports the portal site configuration to a location you specify. The exported file includes the following information:

Content directory - the content directory contains the data
associated with every item in the portal
Database dump file - a plain-text file that contains the SQL
commands required to reconstruct the portal database
Configuration store connection file - a JSON file that contains
the database connection information
Argument Description
location Required string. The path to the folder accessible to the portal where the exported site configuration will be written.
Returns:dict
USAGE: Export Portal Site to a location the Portal server has access to.  ** This can be a
       lengthy operation.

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
sitemgr = gis.admin.site
response = sitemgr.export_site(r'c:\temp')
print(response)

# Output
{'status': 'success', 'location': 'C:\Temp\June-9-2018-5-22-29-PM-EDT-FULL.portalsite'}
import_site(location)

The importSite operation lets you restore your site from a backup site configuration file that you created using the exportSite operation. It imports the site configuration file into the currently running portal site. The importSite operation will replace all site configurations with information included in the backup site configuration file. See the export_site operation documentation for details on what the backup file includes. The importSite operation also updates the portal content index.

Argument Description
location Required string. A file path to an exported configuration.
Returns:dict
join(admin_url, username, password)

The joinSite operation connects a portal machine to an existing site. You must provide an account with administrative privileges to the site for the operation to be successful. When an attempt is made to join a site, the site validates the administrative credentials, then returns connection information about its configuration store back to the portal machine. The portal machine then uses the connection information to work with the configuration store. If this is the first portal machine in your site, use the Create Site operation instead. The joinSite operation:

  • Registers a machine to an existing site (active machine)
  • Creates a snapshot of the database of the active machine
  • Updates the token shared key
  • Updates Web Adaptor configurations

Sets up replication to keep the database of both machines in sync The operation is time-consuming as the database is configured on the machine and all configurations are applied from the active machine. After the operation is complete, the web server that hosts the API will be restarted.

Argument Description
admin_url Required string. The admin URL of the existing portal site to which a machine will be joined
username Required string. The username for the initial administrator account of the existing portal site.
password Required string. The password for the initial administrator account of the existing portal site.
Returns:dict

System

class arcgis.gis.admin.System(url, gis=None, **kwargs)

This resource is an umbrella for a collection of system-wide resources for your portal. This resource provides access to the ArcGIS Web Adaptor configuration, portal directories, database management server, indexing capabilities, license information, and the properties of your portal.

content_discovery

This resource allows an administrator to enable or disable external content discovery from the portal website. Because some Esri-provided content requires external access to the internet, an administrator may choose to disable the content to prevent requests to ArcGIS Online resources. When disabling the content, a select group of items will be disabled:

  • All basemaps owned by “esri_[lang]”
  • All content owned by “esri_nav”
  • All content owned by “esri”

This resource will not disable ArcGIS Online utility services or Living Atlas content. For steps to disable these items, refer to the Portal Administrator guide.

When external content is disabled, System Languages are also disabled.

Argument Description
value required Boolean. If true, external content is enabled, else it is disabled.
Returns:boolean
database

The database resource represents the database management system (DBMS) that contains all of the portal’s configuration and relationship rules. This resource also returns the name and version of the database server currently running in the portal. You can use the properety to update database accounts

directories

The directories resource is a collection of directories that are used by the portal to store and manage content. Beginning at 10.2.1, Portal for ArcGIS supports five types of directories:

  • Content directory-The content directory contains the data associated with every item in the portal.
  • Database directory-The built-in security store and sharing rules are stored in a Database server that places files in the database directory.
  • Temporary directory - The temporary directory is used as a scratch workspace for all the portal’s runtime components.
  • Index directory-The index directory contains all the indexes associated with the content in the portal. The indexes are used for quick retrieval of information and for querying purposes.
  • Logs directory-Errors and warnings are written to text files in the log file directory. Each day, if new errors or warnings are encountered, a new log file is created.

If you would like to change the path for a directory, you can use the Edit Directory operation.

index_status

The status resource allows you to view the status of the indexing service. You can view the number of users, groups, and search items in both the database (store) and the index. If the database and index do not match, indexing is either in progress or there is a problem with the index. It is recommended that you reindex to correct any issues. If indexing is in progress, you can monitor the status by refreshing the page.

Returns:dict
USAGE: Prints out current Index Status

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")
sysmgr = gis.admin.system
idx_status = sysmgr.index_status
import json
print(json.dumps(idx_status, indent=2))

# Output
{
  "indexes": [
    {
      "name": "users",
      "databaseCount": 51,
      "indexCount": 51
    },
    {
      "name": "groups",
      "databaseCount": 325,
      "indexCount": 325
    },
    {
      "name": "search",
      "databaseCount": 8761,
      "indexCount": 8761
    }
  ]
}
languages

This resource gets/sets which languages will appear in portal content search results. Use the Update languages operation to modify which language’content will be available.

licenses

Portal for ArcGIS requires a valid license to function correctly. This resource returns the current status of the license. Starting at 10.2.1, Portal for ArcGIS enforces the license by checking the number of registered members and comparing it with the maximum number of members authorized by the license. Contact Esri Customer Service if you have questions about license levels or expiration properties.

properties

Gets/Sets the system properties that have been modified to control the portal’s environment. The list of available properties are:

  • privatePortalURL-Informs the portal that it has a front end load-balancer/proxy reachable at the URL. This property is typically used to set up a highly available portal configuration
  • portalLocalhostName-Informs the portal back-end to advertise the value of this property as the local portal machine. This is typically used during federation and when the portal machine has one or more public host names.
  • httpProxyHost-Specifies the HTTP hostname of the proxy server
  • httpProxyPort-Specifies the HTTP port number of the proxy server
  • httpProxyUser-Specifies the HTTP proxy server username.
  • httpProxyPassword-Specifies the HTTP proxy server password.
  • isHttpProxyPasswordEncrypted-Set this property to false when you are configuring the HTTP proxy server password in plain text. After configuration, the password will be encrypted and this property will be set to true
  • httpsProxyHost-Specifies the HTTPS hostname of the proxy server
  • httpsProxyPort-Specifies the HTTPS port number of the proxy server
  • httpsProxyUser-Specifies the HTTPS proxy server username
  • httpsProxyPassword-Specifies the HTTPS proxy server password
  • isHttpsProxyPasswordEncrypted-Set this property to false when you are configuring the HTTPS proxy server password in plain text. After configuration, the password will be encrypted and this property will be set to true.
  • nonProxyHosts-If you want to federate ArcGIS Server and the site does not require use of the forward proxy, list the server machine or site in the nonProxyHosts property. Machine and domain items are separated using a pipe (|).
  • WebContextURL-If you are using a reverse proxy, set this property to reverse proxy URL.
reindex(mode='FULL', includes=None)

This operation allows you to generate or update the indexes for content; such as users, groups, and items stored in the database (store). During the process of upgrading an earlier version of Portal for ArcGIS, you are required to update the indexes by running this operation. You can check the status of your indexes using the status resource.

Argument Description
mode Optional string. The mode in which the indexer should run. Values USER_MODE | GROUP_MODE | SEARCH_MODE | FULL
includes Optional string. An optional comma separated list of elements to include in the index. This is useful if you want to only index certain items or user accounts.
Returns:boolean
web_adaptors

The Web Adaptors resource lists the ArcGIS Web Adaptor configured with your portal. You can configure the Web Adaptor by using its configuration web page or the command line utility provided with the installation.

Licenses

class arcgis.gis.admin.Licenses(url, gis=None, **kwargs)

Portal for ArcGIS requires a valid license to function correctly. This resource returns the current status of the license. As of 10.2.1, Portal for ArcGIS enforces the license by checking the number of registered members and comparing it with the maximum number of members authorized by the license. Contact Esri Customer Service if you have questions about license levels or expiration properties. Starting at 10.5, Portal for ArcGIS enforces two levels of membership for licensing to define sets of privileges for registered members and their assigned roles.

entitlements(app='arcgisprodesktop')

This operation returns the currently queued entitlements for a product, such as ArcGIS Pro or Navigator for ArcGIS, and applies them when their start dates become effective. It’s possible that all entitlements imported using the Import Entitlements operation are effective immediately and no entitlements are added to the queue. In this case, the operation returns an empty result.

Argument Description
app Required string. The application lookup. Allowed values: appstudioweb,arcgisprodesktop,busanalystonline_2, drone2map,geoplanner,arcgisInsights,LRReporter, navigator, or RoadwayReporter
Returns:dict
import_entitlements(file, application)

This operation allows you to import entitlements for ArcGIS Pro and additional products such as Navigator for ArcGIS into your licensing portal. Once the entitlements have been imported, you can assign licenses to users within your portal. The operation requires an entitlements file that has been exported out of your ArcGIS License Server Administrator or out of My Esri, depending on the product. A typical entitlements file will have multiple parts, each representing a set of entitlements that are effective at a specific date. The parts that are effective immediately will be configured to be the current entitlements. Other parts will be added to a queue. The portal framework will automatically apply the parts when they become effective. You can use the Get Entitlements operation to see the parts that are in the queue. Each time this operation is invoked, it overwrites all existing entitlements, even the ones that are in the queue.

Argument Description
file Required string. The entitlement file to load into Enterprise.
application Required string. The application identifier to be imported
Returns:dict
release_license(username)

If a user checks out an ArcGIS Pro license for offline or disconnected use, this operation releases the license for the specified account. A license can only be used with a single device running ArcGIS Pro. To check in the license, a valid access token and refresh token is required. If the refresh token for the device is lost, damaged, corrupted, or formatted, the user will not be able to check in the license. This prevents the user from logging in to ArcGIS Pro from any other device. As an administrator, you can release the license. This frees the outstanding license and allows the user to check out a new license or use ArcGIS Pro in a connected environment.

remove_all(application)

This operation removes all entitlements from the portal for ArcGIS Pro or additional products such as Navigator for ArcGIS and revokes all entitlements assigned to users for the specified product. The portal is no longer a licensing portal for that product. License assignments are retained on disk. Therefore, if you decide to configure this portal as a licensing portal for the product again in the future, all licensing assignments will be available in the website.

remove_entitlement(app='arcgisprodesktop')

deletes an entitlement from a site

Argument Description
app Required string. The application lookup. Allowed values: appstudioweb,arcgisprodesktop,busanalystonline_2, drone2map,geoplanner,arcgisInsights,LRReporter, navigator, or RoadwayReporter
Returns:dict
update_license_manager(info)

ArcGIS License Server Administrator works with your portal and enforces licenses for ArcGIS Pro. This operation allows you to change the license server connection information for your portal. When you import entitlements into portal using the Import Entitlements operation, a license server is automatically configured for you. If your license server changes after the entitlements have been imported, you only need to change the license server connection information. You can register a backup license manager for high availability of your licensing portal. When configuring a backup license manager, you need to make sure that the backup license manager has been authorized with the same organizational entitlements. After configuring the backup license manager, Portal for ArcGIS is restarted automatically. When the restart completes, the portal is configured with the backup license server you specified.

Argument Description
info Required string. The JSON representation of the license server connection information.
Returns:dict

Directory

class arcgis.gis.admin.Directory(url, gis=None, **kwargs)

A directory is a file system-based folder that contains a specific type of content for the portal. The physicalPath property of a directory locates the actual path of the folder on the file system. Beginning at 10.2.1, Portal for ArcGIS supports local directories and network shares as valid locations. During the Portal for ArcGIS installation, the setup program asks you for the root portal directory (that will contain all the portal’s sub directories). However, you can change each registered directory through this API.

properties

The properties operation on a directory can be used to change the physical path and description properties of the directory. This is useful when changing the location of a directory from a local path to a network share. However, the API does not copy your content and data from the old path to the new path. This has to be done independently by the system administrator.

WebAdaptor

class arcgis.gis.admin.WebAdaptor(url, gis=None, **kwargs)

The ArcGIS Web Adaptor is a web application that runs in a front-end web server. One of the Web Adaptor’s primary responsibilities is to forward HTTP requests from end users to Portal for ArcGIS. The Web Adaptor acts a reverse proxy, providing the end users with an entry point to the system, hiding the back-end servers, and providing some degree of immunity from back-end failures. The front-end web server can authenticate incoming requests against your enterprise identity stores and provide specific authentication schemes such as Integrated Windows Authentication (IWA), HTTP Basic, or Digest. Most importantly, a Web Adaptor provides your end users with a well defined entry point to your system without exposing the internal details of your portal. Portal for ArcGIS will trust requests being forwarded by the Web Adaptor and will not challenge the user for any credentials. However, the authorization of the request (by looking up roles and permissions) is still enforced by the portal’s sharing rules.

unregister()

You can use this operation to unregister the ArcGIS Web Adaptor from your portal. Once a Web Adaptor has been unregistered, your portal will no longer trust the Web Adaptor and will not accept any credentials from it. This operation is typically used when you want to register a new Web Adaptor or when your old Web Adaptor needs to be updated.

WebAdaptors

class arcgis.gis.admin.WebAdaptors(url, gis=None, **kwargs)

The Web Adaptors resource lists the ArcGIS Web Adaptor configured with your portal. You can configure the Web Adaptor by using its configuration web page or the command line utility provided with the installation.

configuration

Gets/Sets the common properties and configuration of the ArcGIS Web Adaptor configured with the portal.

list()

Returns all instances of WebAdaptors

USAGE: Get all Web Adaptors and list keys,values of first Web Adaptor object

from arcgis.gis import GIS
gis = GIS("https://yourportal.com/portal", "portaladmin", "password")

# Return a List of Web Adaptor objects
webadaptors = gis.admin.system.web_adaptors.list()

# Get the first Web Adaptor object and print out each of its values
for key, value in dict(webadaptors[0]).items():
    print("{} : {}".format(key, value))

# Output
machineName : yourportal.com
machineIP : 10.11.12.13
webAdaptorURL : https://yourwebserver.com/portal
id : ac17d7b9-adbd-4c45-ae13-77b0ad6f14e8
description :
httpPort : 80
httpsPort : 443
refreshServerListInterval : 1
reconnectServerOnFailureInterval : 1
Returns:List of Web Adaptor objects. Typically, only 1 Web Adaptor will exist for a Portal