#### setup project

In [1]:
import sys
sys.path.insert(0, r"C:\SVN\geosaurus_master\src")

# Administering Your GIS Organizations Using ArcGIS API for Python

## Overview

<img src="./img/gettingstarted.jpg" width=700/>

- The ArcGIS ecosystem is vast
- Organizations can have multiple versions of any product or multiple products to manage
- How do you manage this?

## The Way of the Python

<img src="./img/waysofscience.jpg" width=700/>

- The Python API allows administrators to manage, update and control what happens on your server
- Script from your favorite IDE or Notebook environment
- Cross platform support

## What Can We Manage?

<table  style='font-family:"Courier New", Courier, monospace; font-size:200%' width=50%>
  
  <tr>
    <td>Users</td>
    <td><img src="./img/users.png", width=50/></td>
  </tr>
  <tr>
    <td>Content</td>
    <td><img src="./img/content.png", width=50/></td>
  </tr>
  <tr>
    <td>Infrastructure</td>
    <td><img src="./img/infrastructure.png", width=50/></td>
  </tr>
  <tr>
    <td>Groups</td>
    <td><img src="./img/groups.png" width=50/></td>
  </tr>
 
</table>

## Getting Started

### Understand the `GIS` Object

The `GIS` object is the way users connect to ArcGIS Online and/or Enterprise

- It doesn't matter if you are an administrator of a user, we must start here.

#### Connecting to you `GIS` 

The ArcGIS API for Python support multiple ways of connecting to the `GIS`, which is ArcGIS Online or ArcGIS Enterprise

##### Anonymously

In [2]:
from arcgis.gis import GIS
gis = GIS() #anonymous connection

##### Built-In

- username/password login method
- usersname are case sensitive 

```python
gis = GIS(username='fakeaccount', password='fakepassword')
gis = GIS(url="https://www.mysite.com/portal", username='fakeaccount', password='fakepassword')
```

**Protecting Built-In Credentials**

- using `profiles` will help protect username and passwords.  
- prevents accidental sharing

1. Create a `GIS` object with the extra `profile` parameter

```python
gis = GIS(url="https://www.mysite.com/portal", 
          username='fakeaccount', 
          password='fakepassword', 
          profile='portal_profile')
```

2. Now connect using the `profile`

```python
gis = GIS(profile='portal_profile')
```

**What Happened?**

Instead of keeping your password in plain text, now we leverage the operating system's credential store for the logged in user.  The credentials never get passed on when you use profiles.

##### Other Login Methods

- LDAP
- IWA
- PKI
- OAuth 2.0.
- API Key
- Developer Keys (Supported in ArcGIS Online and New at 11.5)

### Demo: Developer API Key

<img src="./img/developer_api_key.JPG"/>

- API key authentication is a type of authentication that uses long-lived access tokens embedded directly into an application to authenticate requests to access secure ArcGIS services and items. 

You can use API key authentication to:

- Create public applications that do not require users to sign in.
- Build applications that access location services and items such as hosted layers and data services.
- Create personal automation scripts that access the portal service and spatial analysis services.
- Quickly and easily generate access tokens.
- Embed an access token directly into apps that remains valid for up to 1 year.
- Access secure resources with the privileges of your ArcGIS account.

In [1]:
import sys
sys.path.insert(0, r"C:\SVN\geosaurus_master\src")
from arcgis.gis import GIS, ItemProperties, ItemTypeEnum
import datetime as _dt

gis = GIS(profile='your_online_profile', verify_cert=False, trust_env=True)

Setting `verify_cert` to False is a security risk, use at your own risk.


In [2]:
folder = gis.content.folders.get()
expiration = _dt.datetime(2025, 12, 31, 23, 59, 59)
item_properties:dict = {
    "typeKeywords" : [],
    "type" :"Application",
    "title" :"My First Developer Token",
    "subscriptionType":"app",
    "isPersonalAPIToken":True,
}
item = folder.add(item_properties=item_properties).result()
item

Creating an empty item.


#### Register the Application and Define the Privileges

In [3]:
privileges = ["premium:user:basemaps","premium:user:geocode","premium:user:networkanalysis","premium:user:geoenrichment","portal:user:viewOrgUsers",
              "portal:user:createGroup","portal:user:joinGroup","portal:user:joinNonOrgGroup","portal:user:viewOrgGroups",
              "portal:user:invitePartneredCollaborationMembers","portal:user:addExternalMembersToGroup","portal:user:createItem",
              "portal:publisher:publishFeatures","portal:publisher:publishTiles","portal:publisher:publishScenes",
              "portal:publisher:publishTiledImagery","portal:publisher:publishDynamicImagery","portal:user:viewOrgItems",
              "premium:publisher:createNotebooks","premium:publisher:scheduleNotebooks","portal:user:viewTracks",
              "portal:user:reassignItems","portal:publisher:createDataPipelines","portal:user:shareToGroup","portal:user:shareToOrg","portal:user:shareToPublic",
              "portal:user:shareGroupToOrg","portal:user:shareGroupToPublic","premium:publisher:createAdvancedNotebooks",
              "premium:user:demographics","premium:user:featurereport","features:user:edit","features:user:fullEdit",
              "premium:user:spatialanalysis","premium:publisher:rasteranalysis","portal:admin:viewUsers","portal:admin:updateUsers",
              "portal:admin:deleteUsers","portal:admin:inviteUsers","portal:admin:disableUsers","portal:admin:changeUserRoles",
              "portal:admin:manageLicenses","portal:admin:updateMemberCategorySchema","portal:admin:viewGroups","portal:admin:updateGroups",
              "portal:admin:deleteGroups","portal:admin:reassignGroups","portal:admin:assignToGroups","portal:admin:manageEnterpriseGroups",
              "portal:admin:createUpdateCapableGroup","portal:admin:createLeavingDisallowedGroup","portal:admin:viewItems",
              "portal:admin:updateItems","portal:admin:deleteItems","portal:admin:reassignItems","portal:admin:updateItemCategorySchema",
              "portal:publisher:publishServerGPServices","portal:admin:shareToOrg","portal:admin:shareToPublic","portal:admin:createReports",
              "portal:admin:manageSecurity","portal:admin:manageWebsite","portal:admin:manageCollaborations","portal:admin:manageCredits",
              "portal:admin:manageRoles","portal:admin:manageUtilityServices"]
registration_app_info = item.register(app_type='multiple', redirect_uris=["urn:ietf:wg:oauth:2.0:oob"], http_referers=['http'], privileges=privileges, personal_token=True)
registration_app_info

{'itemId': 'ae9f35ef7f464adda22cf099384deda7',
 'client_id': 'x8Nu9xujoQnnTqOT',
 'client_secret': '84928e61efe047efbdaabc56d31d1fd7',
 'appType': 'multiple',
 'redirect_uris': ['urn:ietf:wg:oauth:2.0:oob'],
 'registered': 1741267501000,
 'modified': 1741267501000,
 'apnsProdCert': None,
 'apnsSandboxCert': None,
 'gcmApiKey': None,
 'httpReferrers': ['http'],
 'privileges': ['portal:admin:createUpdateCapableGroup',
  'portal:user:createItem',
  'portal:user:viewOrgGroups',
  'portal:user:joinNonOrgGroup',
  'premium:publisher:rasteranalysis',
  'portal:admin:reassignItems',
  'portal:admin:updateItems',
  'premium:publisher:createNotebooks',
  'portal:publisher:publishTiles',
  'portal:user:shareGroupToPublic',
  'portal:user:viewOrgUsers',
  'portal:admin:manageCollaborations',
  'premium:publisher:createAdvancedNotebooks',
  'premium:publisher:scheduleNotebooks',
  'portal:admin:deleteItems',
  'portal:admin:manageCredits',
  'portal:user:addExternalMembersToGroup',
  'portal:admin:

### Generate the Token


In [None]:
token_info: dict = item.generate_api_token(
    slot=1,
    regenerate=False,
    expiration=_dt.datetime.now() + _dt.timedelta(weeks=30),
)
token_info.keys()

dict_keys(['access_token', 'expires_in'])

#### Test the Token Out

In [None]:
print(
    GIS(
        url=gis.resturl,
        token=token_info['access_token'],
        set_active=False,
        verify_cert=False,
        trust_env=True,
    ).properties['appInfo']
)

Setting `verify_cert` to False is a security risk, use at your own risk.


{'appId': 'x8Nu9xujoQnnTqOT', 'itemId': 'ae9f35ef7f464adda22cf099384deda7', 'appOwner': 'andrew57', 'orgId': 'JEwYeAy2cc8qOe3o', 'appTitle': 'My First Developer Token', 'privileges': ['features:user:edit', 'features:user:editIndoorsSpaces', 'features:user:fullEdit', 'portal:admin:assignToGroups', 'portal:admin:changeUserRoles', 'portal:admin:createLeavingDisallowedGroup', 'portal:admin:createReports', 'portal:admin:createUpdateCapableGroup', 'portal:admin:deleteGroups', 'portal:admin:deleteItems', 'portal:admin:deleteUsers', 'portal:admin:disableUsers', 'portal:admin:inviteUsers', 'portal:admin:manageCollaborations', 'portal:admin:manageCredits', 'portal:admin:manageEnterpriseGroups', 'portal:admin:manageLicenses', 'portal:admin:manageRoles', 'portal:admin:manageSecurity', 'portal:admin:manageUtilityServices', 'portal:admin:manageWebsite', 'portal:admin:reassignGroups', 'portal:admin:reassignItems', 'portal:admin:shareToOrg', 'portal:admin:shareToPublic', 'portal:admin:updateGroups', '

In [7]:
item.delete(permanent=True)

True

# Administering Enterprise


In [9]:
gis =GIS(profile='your_enterprise_profile')
admin = gis.admin

### About Enterprise Administration

The enterprise administration is obtained off of the `GIS.admin` property.
This property allows administrators to do the following:

- Modify the UX
- Place the Enterprise into Read Only Mode
- Security (setting up IWA/Kerberos)
- Resource File Management
- Server Management
- Content Monitoring
- Log management and querying
- License management
- Webhook management

and much more...

### Examining All Content

The `admin.content` allows administrators to walk all the Items on an organization.

- Administrators can filter by `item_type` 
- Creates a generator object
- highly memory effecient

In [62]:
from arcgis.gis import ItemTypeEnum
for content in admin.content(ItemTypeEnum.FILE_GEODATABASE):
    print(content)
    break

<Item title:"Ports in the Western US" type:File Geodatabase owner:arcgis_python>


#### Working with Webhooks

In [63]:
admin.webhooks.list()

[]

In [None]:
# https://webhook.site/#!/view/37973b83-dc8f-43d2-b701-0f19732e0286
admin.webhooks.create(url="https://webhook.site/37973b83-dc8f-43d2-b701-0f19732e0286", name="test webhook")

<WebHook @ test webhook>

In [None]:
folder = gis.content.folders.get()
sitem = folder.add(item_properties={"title":"test webhook item", 
                                    "type" :"Shapefile"}, 
                   file=r"C:\GIS\cities_webhooks.zip").result()
sitem.delete()


##### Web Hook Responses

##### Adding an Item
<img src="./img/webhook_add_item_resp.jpg" width=500/>

##### Deleting an Item

<img src="./img/webhook_delete_item_resp.jpg" width=500/>

In [70]:
admin.webhooks.list()[0].delete()

True

### Working with Enterprise Logs

- When you have a problem, you go to the logs and figure out what went wrong.
- The logs many issues with your Portal and new at 11.5, it will gather all the enterprise servers as well.
- Max Age is 90 days.

In [75]:
admin.logs.properties

{
  "resources": [
    "settings"
  ],
  "operations": [
    "query",
    "clean"
  ]
}

In [None]:
admin.logs.query(start_time=_dt.datetime(2025, 1, 1), 
                 end_time=_dt.datetime(2025, 1, 31), 
                 level='WARNING')

{'hasMore': False,
 'startTime': 1738262862628,
 'endTime': 1735714973128,
   'message': 'The ArcGIS Enterprise deployment has not been backed up since it was created. Strongly consider backing up the deployment using the WebGIS DR tool available within the tools directory.',
   'time': 1738262862628,
   'source': 'Portal',
   'machine': 'IP-172-31-37-58.US-EAST-2.COMPUTE.INTERNAL',
   'user': '',
   'code': 2180343,
   'elapsed': '',
   'process': '1381981',
   'thread': '1',
   'methodName': '',
   'requestID': ''},
   'message': " Sign in error: Invalid username or password specified for 'ArcGISPyAPIBot'.",
   'time': 1738261626709,
   'source': 'Sharing',
   'machine': 'IP-172-31-37-58.US-EAST-2.COMPUTE.INTERNAL',
   'user': '',
   'code': 204051,
   'elapsed': '',
   'process': '1382452',
   'thread': '1',
   'methodName': '',
   'requestID': ''},
   'message': " Sign in error: Invalid username or password specified for 'ArcGISPyAPIBot'.",
   'time': 1738261593397,
   'source': 'S

### Managing Federated Services

- Provides access to federate and unfederated servers
- Allows administrators to `list` or `get` servers
- Allows for validation of Federated servers to check for problems.

In [52]:
server_mgr = admin.servers
server_mgr

< ServerManager @ https://pythonapi.playground.esri.com/portal/portaladmin >

##### Server Validation



In [None]:
server_mgr.validate()

##### Get the Hosting Servers

In [56]:
hosting_server = server_mgr.get("HOSTING_SERVER")[0]
hosting_server

< Server @ https://pythonapi.playground.esri.com/server/admin >

### Managing Enterprise Resources

As administrators, you have access to the under pinnings of the system.  Things like home page settings and other system resources can be managed from the admin endpoint.

##### Listing System Resources

In [None]:
admin.resources.list()

[{'key': 'home.page.json',
  'size': 780,
  'created': 1741276370057,
  'access': 'org'},
 {'key': 'localizedOrgProperties',
  'size': 78,
  'created': 1741276369941,
  'access': 'org'}]

#### UI/UX Customization

The ArcGIS API for Python allows users to create, clone and edit the user experience on both ArcGIS Online and Enterprise.

In [30]:
uxmgr = admin.ux
uxmgr.description, uxmgr.name

('This is a Demo Enterprise Hosted by the ArcGIS API for Python Team',
 "ArcGIS API for Python's Demo Enterprise")

In [31]:
uxmgr.description = 'This is a Demo Enterprise Hosted by the ArcGIS API for Python Team'
uxmgr.name = "ArcGIS API for Python's Demo Enterprise"
uxmgr.description, uxmgr.name 


('This is a Demo Enterprise Hosted by the ArcGIS API for Python Team',
 "ArcGIS API for Python's Demo Enterprise")

In [33]:
og_title = uxmgr.homepage_settings.get_title()
og_title['title']

'ArcGIS API for Python Enterprise'

In [25]:
uxmgr.homepage_settings.get_background()

'RIVERVIOLET'

##### Current Status of Home Page

<img src="./img/og_ux_part1.jpg" width=50%/>

#### Modify the UX

In [None]:
from arcgis.gis.admin import StockImage
uxmgr.homepage_settings.set_background(stock_image=StockImage.GEOLOGYAMBER)
uxmgr.homepage_settings.set_title(title='ArcGIS API for Python Demo Enterprise')

True

##### Updated Status of Home Page

<img src="./img/og_ux_part2.jpg" width=50%/>

#### Cloning the User Interface

Once you have a UI/UX design completed and ready to go, you can `clone` it and save it locally.

In [39]:
ux_settings = uxmgr.clone()[0].result()
print(ux_settings)

C:\Users\andr5624\AppData\Local\Temp\1\9cfd73\d7e1f.uxpk


In [40]:
uxmgr.load_offline_configuration(ux_settings)

True

In [41]:
# reset the values
uxmgr.description = 'This is a Demo Enterprise Hosted by the Python API'
uxmgr.name = 'ArcGIS API for Python Enterprise'
uxmgr.homepage_settings.set_background(stock_image=StockImage.RIVERVIOLET)

True

#### Read-Only Mode

- Switching an enterprise to read-only mode allows organizations to stop the addition of new information.
- One use case is in preperation of content migration, an administrator would place the organization into read only mode.

In [13]:
admin.mode

{'isReadOnly': False}

```python
mode_settings = admin.mode
mode_settings['isReadOnly'] = True
admin.mode = mode_settings
admin.mode 
{'isReadOnly': True}
```

## Managing Content

In [25]:
from arcgis.gis import GIS
from arcgis.auth.tools._util import detect_proxy
gis = GIS(profile='your_online_profile', verify_cert=False, proxy=detect_proxy(True))

Setting `verify_cert` to False is a security risk, use at your own risk.


In [26]:
cm = gis.content
cm

<arcgis.gis.ContentManager at 0x25ef4f80af0>

### Working with Content

<img src="./img/content-manager.jpg"/>

**The content manager allows users and administrators to work with, find and manage content**

#### Searching

##### `search` Example

- provides a simple search method
- max items is 10,000
- do not have full control over searches

In [27]:
cm.search(query="title: battle", item_type="Feature Layer", outside_org=False)

[]

In [28]:
cm.search(query="title: battle", item_type="Feature Layer", outside_org=True)

[<Item title:"Civil_War_Battles" type:Feature Layer Collection owner:t3g09_BarbareeDuke>,
 <Item title:"Battles won by rebel forces" type:Feature Layer Collection owner:koneill_worldmap>,
 <Item title:"5kmNearest_Site_Poteniels_to_Battles" type:Feature Layer Collection owner:LroyCWT>,
 <Item title:"Key US Civil War Battles-Decisive" type:Feature Layer Collection owner:rzhu_nvcc>,
 <Item title:"Wiltshire Battlefield (polygon)" type:Feature Layer Collection owner:GillyH>,
 <Item title:"Bad Bird Village_WFL1" type:Feature Layer Collection owner:Steven.Wahweotten_Pokagon>,
 <Item title:"Cost of Living Index Ian Battles_WFL1" type:Feature Layer Collection owner:battles.i_ENVR>,
 <Item title:"Battle of Gettysburg Day 1" type:Feature Layer Collection owner:kjohnson@junipercre.com>,
 <Item title:"Civil War Battles" type:Feature Layer Collection owner:kjohnson@junipercre.com>,
 <Item title:"TN_Civil_War_Battles" type:Feature Layer Collection owner:GREENMAS>]

##### `advanced_search` Example

- full control searching option
- removed limitations of `search`
- returns items as dictionary, which speeds up searches
- leverage system for simple statistics about content

**How Many Item to Examine?**

In [29]:
count = cm.advanced_search('title: battle AND  (type:"feature service")', return_count=True)
count

642

In [30]:
items = cm.advanced_search('title: battle AND  (type:"feature service")', max_items=count, 
                           sort_field='avgRating', sort_order='desc')['results']
items[10:20]

[<Item title:"Hot Spots ACLED-Version-5-All-Africa-1997-2014_battles" type:Feature Layer Collection owner:snyongesa_EsriEAsolutions>,
 <Item title:"WII Battles_ European Theatre Casualty Count_WFL1" type:Feature Layer Collection owner:rrobertson33_cp4510>,
 <Item title:"HS_USH_IM_T12_L06_001M_view" type:Feature Layer Collection owner:skktracy>,
 <Item title:"Civil_War_Battles - Battles_1861" type:Feature Layer Collection owner:CP4510Students_gtmaps>,
 <Item title:"HS_WH_IM_T11_L07_001M_view" type:Feature Layer Collection owner:skktracy>,
 <Item title:"Military Battle Lines" type:Feature Layer Collection owner:tenglim_worldmap>,
 <Item title:"Podcasts in Antietam National Battlefield - Explore Natural Communities" type:Feature Layer Collection owner:dhauverb10>,
 <Item title:"City_of_Battle_Ground_Watersheds" type:Feature Layer Collection owner:CityofBattleGround>,
 <Item title:"HLL_Battle_App___Deployable_Line_Features_SMdM" type:Feature Layer Collection owner:topher303>,
 <Item title:

**Gathering Information from Searches**

- In this demo we will see how much new content was added to the organization in the last 5 days.

In [31]:
import datetime as _dt

now =_dt.datetime.now(_dt.timezone.utc)
then = now - _dt.timedelta(days=5)


In [32]:
cm.advanced_search(
    f"created: [{int(then.timestamp()* 1000)} TO {int(now.timestamp()* 1000)}] AND accountid:{gis.properties.id}", 
    return_count=True)

57

#### Adding and Publishing Content

In [33]:
import uuid
username = f"UCUser{uuid.uuid4().hex[:3]}"
password = f"!{uuid.uuid4().hex[:6]}A"
user = gis.users.create(username=username,
        password=password,
        firstname=uuid.uuid4().hex[:6],
        lastname=uuid.uuid4().hex[:6],
        email=uuid.uuid4().hex[:6] + "@esri.com",
        role='org_publisher')
user

In [34]:
user.items()

[]

##### Publishing a Table

In [35]:
import io, uuid
import pandas as pd
from arcgis.gis import ItemProperties, ItemTypeEnum

In [36]:
buffer = io.StringIO()
df = pd.read_csv("./data/banklist.csv")
df.to_csv(buffer)

In [37]:
from arcgis.gis import GIS
gis = GIS(profile='your_online_profile')

In [38]:
item_failed_banks = gis.content.add(
        item_properties={
            "type": "CSV",
            "title": "Failed Banks",
            "fileName": f"failedbanks{uuid.uuid4().hex[:5]}.csv",
        },
        data=buffer,
)

In [39]:
analyzed = gis.content.analyze(item=item_failed_banks)
publish_parameters = analyzed['publishParameters']
publish_parameters[
        'name'
    ] = f"Failed_Banks_{uuid.uuid4().hex[:2]}"  # this needs to be updated
publish_parameters['locationType'] = None  # this makes it a hosted table
published_item = item_failed_banks.publish(publish_parameters)

In [40]:
published_item

##### Adding/Publishing Content to a User

In [43]:
user_item = gis.content.add(
    item_properties= {'title' : 'World Cities', 
                      'tags' : "cities, world coverage, population", 
                      'type' : "Shapefile" },
    data=r"/data/cities.zip",
    owner=user,
)
user_item

RuntimeError: File(/data/cities.zip) not found.

In [42]:
pitem = user_item.publish({'name' : f'world{uuid.uuid4().hex[:4]}cities'})
pitem

NameError: name 'user_item' is not defined

##### Reassigning Content 

In [None]:
user.items()

In [None]:
folder = gis.content.create_folder("uc_demo_migration_folder")
folder

In [None]:
item = user.items()[-1]
item.reassign_to(target_owner=gis.users.me.username,
    target_folder= 'uc_demo_migration_folder')

In [None]:
gis.users.me.items("uc_demo_migration_folder")

##### Erase the User

In [44]:
user.delete()

True

## Metadata 

- Administrators can enable metadata for the organization

In [45]:
gis = GIS(profile='your_online_profile')
mm = gis.admin.metadata
mm

< MetadataManager at https://geosaurus.maps.arcgis.com >

In [46]:
mm.enable()

True

In [47]:
mm.is_enabled

True

## Content Migration/ Monitoring

### Cloning Items

**`clone_items` provides the ability to copy content from one site to another**

<img src="./img/clone_items.jpg" />

## Continue onto Reporting and Monitoring 