10 tips to help manage your enterprise geodatabase connections
Enterprise geodatabases are complex, and their architecture is unique to each organization. Use these 10 tips and tricks to help manage your enterprise geodatabase and .sde connection files.
Data governance and management can be a tricky subject because each organization has its own unique policies and practices.
If it’s possible within your organization, the enterprise geodatabase is a great place to store your data. Installed inside of a relational database management system (RDBMS), the enterprise geodatabase uses RDBMS technology to add functionality to the database, including versioning, backup and recovery, archives, and optimization. To connect to the enterprise geodatabase, you need a .sde (spatial database engine) connection file. The connection file stores information on the username, password and geodatabase that you want to connect to.
In this blog post, my goal is to showcase the advantages and disadvantages of different practices for managing the geodatabase and .sde connection files. I’ll give you tips and tricks for ArcGIS Pro and ArcGIS Enterprise, and for using .sde connection files with Python scripts.
In ArcGIS Pro
Here are some tips for managing connection files in ArcGIS Pro.
Privilege by type of user in an enterprise geodatabase
Tip #1: Store a password in the .sde file
.sde connection files make for an easily accessible and efficient way to access data. However, keep in mind that anybody who has access to the .sde file has automatic access to all the data the user/role has access to.
Tip #2: Use the admin account for all data
This can work well in small organizations with small GIS teams. In bigger organizations, keep the admin account separate from the publisher one.
Tip #3: Have a single sign-on (SSO) for all users
This option allows all users to easily have access to the data using the same password. It makes it easy to track who is responsible for each dataset. Each user has only one .sde file.
Tip #4: Use roles to manage privilege
Allow data access to groups to manage privilege. Each department or access will be able to see the data they need with the privilege (edition) that they need.
Tip #5: Use SSO for end users only
Allow only end user access with SSO. The data in this case would be stored in a headless account with data owner privilege, allowing data to be independent for end users.
Tip #6: Store the .sde connection file in the same placeEasily manage all the connections from the same folder directory on your local machine. Allow users with database administrator (DBA), geodatabase administrator (SDE) and data owner privileges to easily manage and see the different connections.
In ArcGIS Enterprise
Types of user-managed data stores that can be registered with ArcGIS Enterprise.
If you have ArcGIS Enterprise, you can reference your enterprise geodatabase to ArcGIS Enterprise using a data store. This will allow ArcGIS Enterprise to access your data directly. Here are some tips for sharing data with ArcGIS Enterprise.
Tip #7: Have only a headless account for sharing
It is mandatory to have an account with database authentication for sharing to ArcGIS Enterprise. Using a headless account will allow you to only manage one data store in ArcGIS Enterprise.
Tip #8: Plan schema changes to your dataset with synchronization in mind
Schema changes to your dataset will necessitate a service restart. Planning when to push those changes will allow you to minimize service downtime.
Tip #9: Add your .sde connection to ArcGIS Enterprise through Portal for ArcGIS, not ArcGIS Server
Adding the .sde connection file via Portal for ArcGIS will allow you to see the portal in the named user list of content. This will in turn allow you to bulk publish an image service and a feature layer of all the items in the connection file.
Python script
The .sde connection file can also be added to your automation workflow using a Python script.
Tip #10: Use the .sde file with .sde privileges in the script instead of user passwords
Referencing a .sde connection file will allow you to not store username/password in your script, making it more secure.
Related training
If you like the sound of the tips I’ve shared but need a little help putting them into practice, my colleagues and I teach a number of live courses that could help get you on your way. By attending, you’ll not only get live demos and answers to your specific questions, but you’ll also work on applying your knowledge through in-class exercises and walk away with a workbook specific to the topic at hand. Some of our geodatabase-related courses include:
- Managing Geospatial Data in ArcGIS: This instructor-led course takes you on a deep dive into the geodatabase. You’ll develop the skills you need to centrally store and manage your organization’s authoritative geospatial data.
- Deploying and Maintaining a Multiuser Geodatabase: If you have questions about managing user permissions, privileges and roles in a geodatabase environment, this course has the in-depth answers you’re looking for.
- Implementing Versioned Workflows in a Multiuser Geodatabase: This instructor-led course is for you if you’re looking to design a traditional versioning workflow in ArcGIS Pro.
- Configuring Branch Versioning in ArcGIS: Want to implement branch versioning in an enterprise geodatabase using ArcGIS Pro? This one-day course will show you how.
- Sharing Content to ArcGIS Enterprise: In this course, discover key workflows and best practices to add resources to your ArcGIS Enterprise portal website. Improve collaboration, better understand publication workflows and manage access to resources.
To stay informed about all the latest training opportunities at Esri Canada, visit Esri Canada’s Communication Preference Centre and select the “Training” checkbox to get a monthly roundup straight to your inbox.