arcuser

Protect Your Editable Feature Data from the Public

ArcGIS Online has a lot of great features that help engage audiences with data. Although the interactive tools shape the experience, your data is what draws an audience to your application. People come to your application to discover facts and insights in your data.

Effectively managing feature layer capabilities is an easy way to ensure that your public applications securely show up-to-date information. Hosted feature layer views let you create layers (views of the same data) that have different editing capabilities and sharing levels, so the editors and viewers of a layer can interact with the same dataset in different ways.

For example, you can have a hosted feature layer view that is shared with the public in an application but cannot be edited by the public. Another hosted feature layer view can have editing capabilities that are limited only to specific users that it was shared with in your organization.

When publishing hosted feature layers to ArcGIS Online and ArcGIS Enterprise, editing is primarily controlled by two mechanisms: the layer editing setting and the sharing level. To modify the editing settings, go to the Settings tab in the Editing section for a hosted feature layer or feature layer view item page. After editing is enabled on the layer, any user who has access to the layer can edit it. For example, if a road construction editing app that contains an editable construction status layer is shared with a road maintenance group, then only members of that group can access, add, or update features in the layer.

It is essential to understand how to secure public datasets to ensure that only known and approved data is shared with the public by you and your organization’s members. Follow the four simple tips outlined in this article for using hosted feature layer views to protect your data.

Note: Administrators and members of update capability groups within the organization have some additional editing capabilities in some circumstances.

TIP 1

Only share editable hosted feature layer views with a group that contains approved members of your organization.
In most public applications, the featured data is updated over time, such as when showing election results, wildfire evacuation zones, or construction project status. With the example of a wildfire evacuation zone app, the wildfire boundary and status of evacuations will change over the duration of the event. This data is used to inform the public whether it is safe to be in their homes or it is time to leave. Ensuring that this data is only modified by an approved group of people is critical to providing accurate information to the public, especially those members of the public who may need to evacuate.

TIP 2

Use read-only hosted feature layer views in your public applications.
When sharing data to inform the public, it is important that layers that are used to edit and update the data are not shared with everyone. Editable layers that are shared with everyone can also be edited by anyone, including those who shouldn’t be editing the data and may have malicious intent.

When you are sharing an application with the public, it is important to use a hosted feature layer view with the public that does not allow editing. Use a hosted feature layer view with editing capabilities that is shared with a group of trusted editors. As hosted feature layer views created from the same source layer point to the same dataset, the view of the data that is not editable will immediately have access to updated data from the private editable view.

TIP 3

Do not share editable hosted feature layers with the public unless these layers are specifically for public data collection for use with ArcGIS Survey123 and an ArcGIS StoryMaps crowdsourcing app.

In some instances, such as crowdsourcing apps or public surveys, sharing editable layers with everyone is needed to collect data. To ensure that editable layers are intentionally shared with the public, a new setting called Public Data Collection was added to hosted feature layers with the September 2020 update of ArcGIS Online.

By enabling this setting, you are approving the layer to be shared publicly with editing capabilities turned on. When this setting is not turned on and the layer is not shared publicly, you cannot change the layer’s sharing level to Everyone (public). This new setting is an extra safeguard to verify that publicly editable data is being shared intentionally for the purpose of data collection.

TIP 4

Make sure you follow best practices for data collection when using hosted feature layers for Public Data Collection.
Because Public Data Collection is a new setting for feature layers, any editable layers that you own that are shared with the public will display a banner warning you. This warning will also appear on publicly shared, editable layers published from ArcGIS Pro or programmatically.

Maintaining data integrity is critical at all times. The ArcGIS Security Advisor is an unsupported tool created by the Esri software security and privacy team to help advise on your ArcGIS security settings and review your logs. Use it if you want to double-check which publicly shared items are editable in your organization and designate the appropriate layers as Public Data Collections.

 

About the author

Kelly Gerrow-Wilcox

Kelly Gerrow-Wilcox is a product manager on the ArcGIS Online team. She has been with Esri since 2012 and enjoys blogging, web app building, and outdoor adventures.