Security Alert

Information about Best Practices when using ArcGIS Online to Share Items and Survey Form to Public Access

Information about Best Practices when using ArcGIS Online to Share Items and Survey Form to Public Access

 

Dear Esri Users,

We would like to draw your attention that if an organization has need to share ArcGIS Online Items or an ArcGIS Online Survey form to the public for collecting information from your target audience, it is recommended to make reference to the following best practices to design your processing workflow to impose more control on sharing ArcGIS Online items to the public:

 

1. Disabling User Privilege on Sharing Items to Public of normal users, please refer to below link for detailed steps:

   • Restrict members from sharing content publicly in ArcGIS Online

 

2. Identifying one or more Authoritative user(s) in your organization as gatekeeper who can access the forms of normal users and set them to share to the public. The authoritative user(s) should have the authority to determine if the form should be shared to the public from organization perspective.  Moreover, please follow below information and best practice to configure sharing items to the public in ArcGIS Online.

   • Pay attention to the caution to share a survey to public

   • Securing Public Surveys by ArcGIS Survey123 Connect and Survey123 Web Designer

 

3. There are other resources available to assist you to configure sharing in ArcGIS Online, please refer to below information:

• Limiting Access to Public Survey123 Responses

The survey responses from Public Survey123 surveys maybe exposed to public if improper configurations are done. Please refer to below PDF talking about how to limit access to public Survey123 results:
https://downloads.esri.com/RESOURCES/ENTERPRISEGIS/Limiting_Access_to_Public_Survey123_Results.pdf for details.

 

• Sharing ArcGIS Survey123 survey forms publicly without permitting access to the submitted responses in the survey

When an ArcGIS Survey123 form is created, by default users are able to add, update and query existing data. When survey forms are shared publicly, it is possible to access the REST endpoint of the feature service, which in turn, permits access to the survey responses. The survey responses may contain sensitive or personal information that must be hidden. Survey123 forms can be shared publicly without permitting access to the submitted responses in the survey by configuring the settings in Survey123 Web Designer. Please refer to this link for details:

https://support.esri.com/en-us/knowledge-base/faq-is-it-possible-to-share-arcgis-survey123-survey-for-000023227

 

• Settings that control editing access for hosted feature layer in ArcGIS Online

As the owner of a hosted feature layer, or an administrator, you can change the settings on the hosted feature layer or view to control whether editing is allowed and what types of edits can be made. Please check this link for details:

https://doc.arcgis.com/en/arcgis-online/manage-data/manage-editing-hfl.htm#ESRI_SECTION1_C30D73392D964D51A8B606128A8A6E8F

 

• Configure security settings in ArcGIS Online

Default administrators and those with the appropriate privileges can configure security settings for policies, sharing and searching, password policies, sign in options, multifactor authentication, access notices, trusted servers, portal access, and more in ArcGIS Online. For details, please check this link:

https://doc.arcgis.com/en/arcgis-online/administer/configure-security.htm

 

• ArcGIS Online Compliances

If you want to know more about the security related standards that complied by ArcGIS and ArcGIS Online, please refer to below link:

https://trust.arcgis.com/en/compliance/compliance-tab-intro.htm

 

We hope the above information can assist you to control the sharing of your data stored in ArcGIS Online properly.

Should you have any questions, please contact support@esrichina.hk.

 

Esri China (HK) Technical Support (HK and Macau)

Esri China (Hong Kong) | 9/F., CEO Tower | 77 Wing Hong Street | Cheung Sha Wan | Kowloon | Hong Kong

T +852 2730 6883 | F +852 2730 3772 | E: support@esrichina.hk