Is feature-level authorisation even remotely possible when accessing ArcGIS (10) via the REST APIs? From what I understand I can secure individual services but at most this gives me control over who can read / write data across the service, and doesn't cover individual layers or features. Is this the case?
I was surprised that there are lots of REST-based (e.g. JavaScript) examples on editing but nothing obvious that looks at who is allowed to edit data - a primary concern in any real-world application.
If feature-level security is not possible what are my options? So far it seems like I must implement my own editing service (possibly through a Server Object Extension?) which can consult Access Control Lists whenever an edit operation is requested. I imagine I could reuse a lot of what's already in the JS API for editing via the Geometry Service but just point it at my own service and fill in the gaps.
أكثر...
I was surprised that there are lots of REST-based (e.g. JavaScript) examples on editing but nothing obvious that looks at who is allowed to edit data - a primary concern in any real-world application.
If feature-level security is not possible what are my options? So far it seems like I must implement my own editing service (possibly through a Server Object Extension?) which can consult Access Control Lists whenever an edit operation is requested. I imagine I could reuse a lot of what's already in the JS API for editing via the Geometry Service but just point it at my own service and fill in the gaps.
أكثر...