To allow your ArcGIS Server sites to access the data resources you want to publish, all machines in the ArcGIS Server site must have access to the resource. For example, when you publish a map as a service, the map and all the data for the map's layers must be accessible to all ArcGIS Server machines.
You need to do the following to make your data accessible to ArcGIS Server:
- Store your data in a location that all machines in your ArcGIS Server site can access.
- Grant permissions to allow ArcGIS Server to access the data.
- If your data is stored in a folder or a database that you access using operating system authentication, you must grant the ArcGIS Server account permissions to these locations. The ArcGIS Server account is the account you used to install ArcGIS Server, not the primary site administrator specified when the ArcGIS Server site was created.
- If your data is stored in a database that you access using database authentication, the database user you provide when registering the database must have permissions to the data.
- If your data is in a cloud data warehouse, the credentials you use to access the data warehouse must have permissions to view the data.
- Register your data store with the ArcGIS Server site.
Store data where all ArcGIS Server machines can access it
The following sections describe options for storing data so your ArcGIS Server site can access it. Which options you use depends on the size of your data, the number of people who will access the web service, and how frequently the data changes.
Store data locally on each ArcGIS Server machine
When you save your data to a local path, for example, /opt/local/data, and create a service from it, other ArcGIS Server machines are not able to work with the service unless they have their own copies of the data residing at /opt/local/data.
Loading an identical copy of your data into an identical path on each ArcGIS Server machine can be beneficial for performance, but it is not a practical solution for large or frequently changing datasets.
Store data in a shared directory
Another way to make your data available to all ArcGIS Server machines is to use the operating system tools to share the directory in which the data is stored. Shared network directories are commonly referred to with NFS mounted folders, which contain the name of the server (for example, /net/myserver/opt/local/data). When you use NFS paths to reference your data, all ArcGIS Server machines will look to the correct machine for the data.
If you store your GIS resources in shared directories, remember that all data source paths within the resource must also use NFS paths or relative paths. For example, if your map contains layers from three shapefiles, the paths to those shapefiles must be NFS or relative paths.
Although shared network folders are convenient for referencing data, you may experience locking issues if other clients or web services are accessing the source resource at the same time. Therefore, this is not a practical option for data that is used in multiple web services or clients.
Store data in a database
If you store your spatial data in a relational database management system that Esri supports, you can access that data from ArcGIS and publish map and feature services from it. Esri also provides an enterprise geodatabase that you can deploy within your database to extend its functionality. If your data is in a supported cloud data warehouse, you can publish map services (map image layers) from ArcGIS Pro.
Databases, enterprise geodatabases, and cloud data warehouses provide large numbers of users access to the same data and provide you with mechanisms—such as backups, failover options, attribute domains and rules to control data input values—that help you to protect your data. When you store your data in an enterprise geodatabase, you also have the option of taking feature service data offline when network access isn't available. If edits are made to the data while offline, you can synchronize those edits through the feature service when you regain network access.
Store caches, imagery, and big data files in a cloud storage container
Cloud storage containers offer a flexible option when you need to store large data files. Because map and image caches, imagery sources, and big data files have a tendency to be quite large, you might consider storing this type of data in a cloud store that you register with your ArcGIS Server site.
As the data is stored in a remote location, the speed and throughput of your network will affect the web service performance. Also note that you may need to have your network administrator open your company's firewall to access these containers.
Grant ArcGIS Server permissions to your data
When you log in to your own computer, the account name you use gives you access to all your files and folders on the computer. No one else can access those files and folders unless you grant them access. The same holds true for your GIS data. The ArcGIS Server account needs at least read permissions to any data in folders that you use in your services and any data in databases or enterprise geodatabases that you access using operating system authentication. In scenarios when edits are occurring, the ArcGIS Server account also needs write permissions.
When do you need to apply permissions?
The resources you publish are copied to the ArcGIS Server machine. The ArcGIS Server account already has permissions to these folders. However, the data referenced in those resources (for example, the layers in a map) may or may not have the correct permissions applied, depending on whether you choose to register the containing folder or database with the ArcGIS Server site before publishing.
If you register the containing folder, you need to explicitly give the ArcGIS Server account permissions to read from that folder.
If you choose to register the containing database, the type of permissions you need to grant depends on what type of database you are using and what type of authentication you are using to connect.
Services published from cloud data warehouses are read-only; therefore, the credentials used to connect only require privileges to select data.
The process of granting permissions to your file-based or database data is described in the remaining sections of this topic.
Permissions for file-based data
If your data is file based, such as shapefiles, image files, and file geodatabases, you need to work with the operating system to set access to the folders that contain your data. The ArcGIS Server account must have at least read access to the data and write access if the data will be edited. Here are some scenarios:
- If your data resides on the ArcGIS Server machine (or one of the ArcGIS Server machines in the event you have more than one), grant the ArcGIS Server account read (and optionally write) access to the folders containing your data.
- If the data does not reside on the ArcGIS Server machine and you specified a local account as the ArcGIS Server account, you will first need to create an identical local account (having the same user name and password) on the machine that hosts your data. Then grant that local account read (and optionally write) access to the folders containing your data. As long as the local accounts on the machine with data and the ArcGIS Server machine are identical, the ArcGIS Server machine will be able to access the data.
- If the data does not reside on the ArcGIS Server machine, do the following:
- Grant permissions to the ArcGIS Server account for the data files.
- Grant permissions to the ArcGIS Server account for the data folder. You need to grant permissions to every directory down to this folder. For the example above, you need to grant permissions to all the folders below:
- /opt
- /opt/local/
- /opt/local/data
Permissions to data in a database
When you publish a service that references data in a registered database or enterprise geodatabase, you need to ensure that account used to connect to the database has the appropriate permissions to access the database and its data. The type of permissions you need to grant depends on what type of database you are using and what type of authentication you are using to connect.
The way you grant ArcGIS Server access to data in a database depends on whether you connect to the database using database authentication or operating system (OS) authentication.
Database authentication
When using database authentication, you must save the user name and password with the database connection you register. This is required for your service to access the data successfully.
Write permissions on the data must be granted to the database user making the connection if you plan to publish a feature service and allow edits to the data.
OS authentication
If you access data through OS authentication, add the ArcGIS Server account to the database and grant it permissions to the resources that it needs to access. When the service runs, it will log in to the database management system as the ArcGIS Server account.
The way that you add the ArcGIS Server account and grant it permissions can vary. You may find it helpful to consult your DBMS documentation to learn how to grant access to an operating system account. Once you add the ArcGIS Server account, you need to grant it SELECT permissions to the data that you are going to publish. Write permissions on the data are required if you plan to allow edits to the data.
Register your data with ArcGIS Server sites
Data registration gives you the most control over how your site accesses data and helps ensure that the data is truly accessible by the web services you publish. Therefore, after you grant the ArcGIS Server account the appropriate permissions to the folders and databases that contain your data, you need to register the folders and databases with the ArcGIS Server site. If you want to allow publishers to store map or image caches in the cloud, register the cloud storage locations with your ArcGIS Server site.
If your ArcGIS Server site is federated with an ArcGIS Enterprise portal, you can add data stores in the portal. This provides the following advantages:
- You can register a single data store with multiple federated ArcGIS Server sites at one time.
- When registered in the portal, a data store portal item is created. You can share that item with portal groups or the entire organization. When members of the group or the organization publish content in that data store from ArcGIS Server Manager or ArcGIS Pro, they don't have to separately register the data store with the federated servers you configured for the data store item.
However, if you register the data store in the ArcGIS Enterprise portal, you cannot do the following at this time:
- Configure the data store as a cache store.
- Manage the data store outside of the portal.
If you use a stand-alone ArcGIS Server site, register your data stores in ArcGIS Server Manager or ArcGIS Pro.
See the following topics for information on options to register a data store:
- Add items (in the Portal for ArcGIS user help)
- Register your data with ArcGIS Server using Server Manager
- Register your data with ArcGIS Server using ArcGIS Pro
Legacy:
If you do not register the folder or database with the ArcGIS Server site before publishing from ArcMap or if you do not place the data in a location that ArcGIS Server can access, the data is copied to the ArcGIS Server machine. This gives you the least control over how your services and the server will access data but ensures that the item you publish (for example, a geoprocessing service) will always be able to access its source datasets.