Server administrators manage the servers and tenants of an ARIS system, that is, they are responsible for the technical system aspects:
Technical administrators
Technical server administrators usually manage the physical servers in the IT landscape, for example, database servers and Web servers. They can also perform additional tasks by taking on the role of site administrator. For this, they need the privileges of the various different administrator roles, or they can identify themselves as system user (What is the 'system' user?, What is a system user?) of databases.
ARIS administrator of ARIS Administration
The user superuser is created automatically. By default, this user is assigned the User management, License management, and Configuration administrator function privileges. This user can also enable this function privilege for other users. Users of the superuser type do not use up a license. They manage the system administration, but cannot use ARIS products due to license restrictions. The default password is superuser. You should change the default password to prevent unauthorized access. The password of the superuser is very important, as it is the only user who cannot be deleted. You can change all user data except for the user name.
Users and privileges are managed centrally in ARIS Administration for all ARIS products. The role-dependent data access is controlled by privileges and filters that are assigned per database in ARIS Architect on the Administration tab.
Click ARIS > Administration.
ARIS Administration also provides command-line tools for administration.
ARIS provides a set of command-line tools that can be used to perform administrative operations.
There are always at least two tenants, the tenant default and the tenant master. Most command-line operations require user authentication. The provided user must have sufficient permissions to perform the requested operation, for example, a tenant create, read, update or delete can only be performed by administrators of tenant master.
ARIS installation path>/server/bin/work/word_umcadmin_< your installation size, for example, s,m, or l>/tools/bin for Windows® operating systems
and
ARIS installation path>/cloudagent/bin/work/word_umcadmin_< your installation size, for example, s,m, or l>/tools/bin for Linux operating systems.
The following command line tools are provided:
For more information about parameters and commands please type the tool name followed by /? or -?, for example y-datadump.bat -?.
For Unix operating systems, command-line tools (sh files) can only be started by the aris10 user, for example, enter: su -c y-datadump.sh aris10.
The following command line tools are provided:
ARIS Server Administrators
ARIS Server administrators monitor the system and manage ARIS Server and tenant data using different tools:
The monitoring of physical resources is important to keep ARIS running properly. You can monitor the system using the ACC interface or ACC commands.
ARIS Server Administrator command-line tool
The command line tool ARIS Server Administrator is available if you have installed ARIS Server or the ARIS Administrator Tools (see ARIS Client Installation Guide).
If you have installed ARIS Server, navigate to ARIS installation path>\server\bin\work\work_abs_<s, m, or l>\tools\arisadm and run the batch file.
On Linux operating systems ARIS Server Administrator (arisadm.sh) is available if the aris10adm-<number>-1.x86_64 file was installed (see ARIS Server Installation - Linux).
You can start ARIS Server Administrator from any client computer and access the databases on the server:
Syntax: server <server name>:<port number> <tenant> <user name> <password>
Example: server arissrv:1080 default system manager
ARIS Server Administrator is connected to the server.
Enter help or help <command> to get information about the usage of the commands.
Use the console application ARIS Server Administrator to back up or restore a tenant configuration or to manage the ARIS databases of a tenant, for example. The individual commands are transferred as command line parameters. The program provides information on the success and effect of each command executed.
You can start ARIS Server Administrator from any computer on which the ARIS Client is installed either in interactive mode or command-line mode. In command-line mode you can perform actions automatically as there are no prompts in this mode. If you log in as a system user that has at least the Database administrator function privilege in ARIS Administration for each tenant, you can manage all databases of this tenant.
You start interactive mode by clicking Start > Programs > ARIS > Administration > ARIS Server Administrator 10.0.
You start command-line mode by opening the command prompt from the directory <ARIS installation directory>\tools\ArisAdm.
You can use the following commands and options for the syntax of command-line mode:
<_arisadm><version> [<option>] <command> [<command argument 1>]
or for the syntax of interactive mode:
<command> [<command argument 1>]
Option |
Description |
---|---|
-s <server[:<port>]> |
Server on which the command should be carried out. |
-u <user> <password> |
User name and password of a system user with the required privileges. |
-l <file name> |
Enables the logging of all program operations in the specified log file. The file indicates which operation was performed at what time and with what result. |
-cf <command file> |
Starts a command file containing executable commands. |
-sc <schema context> |
Context the schema uses. ARIS is set as the default. |
-t <tenant> |
Tenant for which the command should be carried out. The default is no tenant. |
-ssl |
The SSL connection used. |
The parts of the command that are surrounded by [brackets] are optional. You can use them if necessary. Default commands are listed below. Advanced commands are described in related documents if required.
Command |
Description and syntax |
backup |
Saves a database <dbname> as an adb file in a directory <archivedir>. If the backup is started using the -c option, saving the database to the backup file starts only after all ongoing operations, such as a merge procedure or an XML import, are complete. Syntax backup <dbname>|-c |all <archivedir> [-p <password for encryption>] [<alternatename>] |
backupasn |
Extracts the state that corresponds to the specified change list number <asn> from a versioned database <dbname> to an ADB file in the directory <archivedir>. You can select either a change list number <asn> or 'head' as a state. 'head' represents the last versioned state Syntax backupasn <dbname>|all <archivedir> <asn>|head [-p <password for encryption>] [<alternatename>] |
backupsystemdb |
Saves the central system database that contains data such as filters, model templates, and scripts in an ADB file in a directory <archivedir>. Syntax backupsystemdb <archivedir> [<alternatename>] |
backupunversioned |
Saves a versioned database <dbname> as a non-versioned ADB file in a directory <archivedir>. Syntax backupunversioned <dbname> <archivedir> |
copy |
Copies a database from <fromdbname> to <todbname>. Syntax copy <fromdbname> <todbname> |
createdb |
Creates a new ARIS database with the name <dbname>. Syntax createdb <dbname> [versioned] |
delete |
Deletes the database <dbname>. When using the force option, the database will be deleted even if users are logged in. Syntax delete <dbname>|all [force] |
dropversions |
Deletes all versions of a database <dbname> up to the version <new min version>. Syntax dropversions <dbname> <new min version> |
encrypt |
Encrypts passwords <password> for use in batch files. Syntax encrypt <password> |
exit |
Exits the interactive mode. |
exportscript |
Exports a script of type <MACRO|REPORT|REPORTTEMPLATE|SEMCHECK|PROFILE> with the identifier <scriptid> to an export directory <exportdirectory>. Syntax <MACRO|REPORT|REPORTTEMPLATE|SEMCHECK|PROFILE> <scriptid> <exportdirectory> |
help |
help provides an overview of all commands including syntax description and possible parameters. help <command> provides help for the command you specified. Syntax help [<command>] |
importfilter |
Imports a method filter <importfile>. Syntax importfilter <importfile> |
importscript |
Imports a script <importfile> of type <MACRO|REPORT|REPORTTEMPLATE|SEMCHECK|PROFILE> in the specified category <categoryname>. Syntax importscript <MACRO|REPORT|REPORTTEMPLATE|SEMCHECK|PROFILE> <importfile> <categoryname> |
indexstate |
Displays the status of the internal cloud search data index. Syntax indexstate <database name> |
interactive |
Starts the program in the interactive mode. |
kill |
Closes the connection <sessionid> of the current tenant. Syntax kill <sessionid>|all |
killtask |
Terminates the given server activity <taskid> on instance <instanceid>, for example, a report that is unable to complete. Syntax killtask <instance id> <task id> [force] To obtain the <instanceid> and <taskid> identifiers, use the monitor command. |
list |
Lists all of the tenant's registered databases. By default, only the databases of the current schema context will be listed. When using the all option, all databases will be listed (including BO databases, for example). Syntax list [all] |
lockdb |
Locks the database with the name <dbname>, or all databases. Users can no longer log in. Syntax lockdb <dbname>|all |
maintain |
Starts the regeneration of search indexes (Cloud Search) for the specified ARIS database or all ARIS databases. Given the fact that running this command may be very time-consuming, it is recommended that you run it only if an error occurs and that you schedule a corresponding maintenance window. Syntax maintain <dbname>|all |
migrate |
Migrates an ARIS 7.1 or 7.2 database <dbname> from an ADB file <archive>, or migrates all ADB files from a directory <archivedir>. You need the password of the system user system to migrate an individual database. To migrate multiple databases the passwords must be supplied to every single database in command-line mode. Syntax migrate [<archive>|<archivedir>]|<systempassword> |
monitor |
Displays all tenant activities in progress, such as backup, XML export etc. |
rename |
Renames the database from <olddbname> to <newdbname>. When using the force option, the database will be renamed even if users are still logged in. Syntax rename <olddbname> <newdbname> [force] |
reorg |
Semantically reorganizes the database <dbname> or all databases by deleting all objects and connection definitions that do not have occurrences in any model. Options available:
Syntax <dbname>|all [options] |
restore |
Restores a database <dbname> from an ADB file <archive>, or restores all ADB/BDB files from a directory. Syntax restore <archive>|<archivedir> [<dbname>] [-p <password for decryption>] [-b <bucket ID>] |
restoresystemdb |
Restores the central system database that contains data such as filters, model templates, and scripts from a system database backup file (ADB) <archive>. You can also update the system database using the After performing an update setup, update the system configuration of each operational tenant (filters, templates, and scripts) based on the supplied system database (ARIS_DVD/Content/SystemDB/*.adb). Any content you have created is retained. Syntax updatesystemdb <archive> You can execute the command for several tenants at the same time. Syntax restoresystemdb <archive> |
restoreunversioned |
Generates a non-versioned database <dbname> from an ADB file <archive> of a versioned database. Also restores databases based on multiple ADB/BDB files of a directory. Syntax restoreunversioned <archive>|<archivedir> [<dbname>] [-p <password for decryption>] |
restoreversioned |
Generates a versioned database <dbname> from an ADB file <archive> of a non-versioned database. Also restores databases based on multiple ADB/BDB files of a directory. In case the option -no_baseline is specified, no initial version in archive is created. Syntax restoreversioned <archive>|<archivedir> [<dbname>] [-p <password for decryption>] [-no_baseline] |
schemacontext |
Changes the schema context of the current tenant. Thus, it is possible to save ARIS Optimizer databases. Possible values are aris and bo. Syntax schemacontext <new schema context> |
server |
Changes the current ARIS Server. Syntax server <server[:<port>]> <tenant> <user> [<password>] [-ssl] |
sessions |
Displays all database connections of the current tenant. Syntax sessions [byuser|bydatabase] |
set |
Displays or changes tenant settings. If no parameters are specified, all settings are displayed. If only <key> is entered, all settings are deleted. If <key> is entered together with <value>, the settings are changed accordingly. Syntax set [<key>] [<value>] |
setindexbucket |
Specifies the bucket ID for a database. Syntax setindexbucket <dbname> <bucket ID> |
setindexrank |
Sets the initial index rank for a database <dbname>. The higher the rank <rank>, the earlier the index is started during cloud search startup. The rank is a number, for example, 5. Syntax setindexrank <dbname> <rank> |
statistic |
Returns the number of all database objects. Syntax statistic <dbname>|all |
threaddump |
Triggers a thread dump on instance <instanceID>. An instance ID can refer to a runnable, such as abs <s, m, or l> or report <s, m, or l>, or to a runnable type, such as abs or report. The thread dump is written to the threaddump.log file. Syntax threaddump <instanceID> |
unlockdb |
Unlocks the database with the name <dbname>, or all databases. Syntax unlockdb <dbname>|all |
updatesystemdb |
After performing an update setup, update the system configuration of each operational tenant (filters, templates, and scripts) based on the supplied system database (ARIS_DVD/Content/SystemDB/*.adb). Any content you have created is retained. Syntax updatesystemdb <archive> You can execute the command for several tenants at the same time. |
userwipeout |
Clears the user identification of one or multiple deleted users from one or all databases. The attributes Last modifier, Creator, and the user name in change list descriptions is set to unknown. Syntax userwipeout <dbname>|all [<user>][,<user>] |
version |
Displays the versions of the programs and libraries in use. |
In the following example, a database is reorganized, whereby all of the objects and connections in the database that do not have an occurrence are deleted.
Warning
If you are using an object library, you should reorganize databases only when each object definition occurs in at least one overview model. If elements have already been created for later use but do not yet occur in models, these elements are deleted during the consolidation.
Reorganization in interactive mode
Syntax
server <server name>[:<port number>] <tenant> <user name>
The parts of the command that are surrounded by brackets are optional, that is, you can use them if necessary.
Example
server arissrv.eur.ag:80 default system
The password is requested.
reorg "United Motor Group"
The database is reorganized. The deleted items are listed.
Reorganization in command-line mode
Syntax
arisadm<version> -s <server name> -t <tenant> -u <user name> <password> reorg <database name>
Example
arisadm.bat -s arissrv.eur.ag -t default -u system manager reorg "United Motor Group"
The database is reorganized. The deleted items are listed.
To obtain information on the ARIS Server administrator commands, enter help or help <command>.
ARIS Cloud Controller (ACC) command-line tool
ACC is a command-line tool (see ARIS Cloud Controller (ACC) Command-Line Tool.pdf) for administrating and configuring an ARIS installation. It communicates with ARIS Agents on all nodes. You can use it in multiple modes.
ARIS Cloud Controller can be used in multiple modes.
To start ACC under a Windows operating system click Start > All Programs > ARIS > Administration > Start ARIS Cloud Controller. If you have changed agent user credentials you must enter the user name and/or the password.
To start ACC under a Linux operating system, execute the acc10.sh shell script instead. To do so, enter: su -c acc10.sh aris10.
After the installation of ARIS Server two tenants are available.
The infrastructure master tenant manages administrative users and all other tenants.
The default tenant is available for operational use. If you need additional operational tenants to provide different sets of databases, users, configurations or ARIS methods you can easily create them. Additional tenants require a new set of ARIS licenses. Licenses must be unique in all tenants.
If you have installed an ARIS Server using an external database management system, all additionally created tenants are available as well. If you are going to create additional tenants for ARIS10.0 to migrate data from ARIS 9.8.7 or later, make sure to use identical names in both ARIS versions.
Administrators can manage tenants in different ways:
Please make sure to manage users and licenses for all tenants.
ARIS document storage command-line tool
ARIS document storage provides a set of command-line tools that can be used to perform administrative operations.
<ARIS installation path>/server/bin/work/work_adsadmin_<your installation size, for example, s,m, or l>/tools/bin for Windows® operating systems
and
ARIS installation path>/cloudagent/bin/work/work_adsadmin_<your installation size, for example, s,m, or l>/tools/bin for Linux operating systems.
Please use y-admintool.bat for Windows operating systems and y-admintool.sh for Unix operating systems. For Unix operating systems, command-line tools (sh files) can only be started by the aris10 user, for example, enter: su -c y-admintool.sh aris10.
General usage
Options |
Description |
---|---|
-?, -h, --help |
Show help, default: false |
-s, --server |
URL of ARIS document storage |
-t, --tenant |
ID of the tenant. The default value is default. |
-umc, --umcserver |
URL of User Management |
Commands |
Description |
Parameters |
---|---|---|
adjustTimestamps |
Modifies the time stamp that is set while creating or updating documents and folders. The timestamp is modified for all documents and folders on a tenant. Usage: adjustTimestamps [options] |
--password (-p) <PASSWORD>. The default password is manager. --user (-u). The default user name is system. * -offset Offset to add (+) or to remove (-) in minutes, for example: "-210". The default value is "0". |
anonymize |
Anonymizes the user information for documents and folders Usage: anonymize [options]
This is compliant to GDPR. The General Data Protection Regulation (GDPR) protects the rights of individuals’ personal data within the European Union. It also regulates the export of personal data outside the EU. GDPR is a regulation by the European Parliament, the Council of the European Union, and the European Commission. |
--password (-p) <PASSWORD> Password of the executor. The default password is manager. By default, no access privileges are defined in ARIS document storage. All users have access to all folders - including the root folder - and documents. You can limit the access to individual folders of ARIS document storage so that not all ARIS document storage users can access all folders and their contents. Please note: If you delete only one user from the user list or from user groups that have access to the folder and then anonymize the folder data, all actions related to the folder data are anonymized. This means that the anonymization does not only affect the data of the deleted user. Before you delete a user, get the user ID of a specific user from the user details in the user management. * -n, --name Name of the user or user group * -type, --type Type of the user or user group -u, --user User name Password of the executor. The default password is system. The user name is replaced by the string anonymous. |
bulkimport |
Imports all files and folders from a specified directory to ARIS document storage. The folder structure of the source is retained. Usage: bulkimport [options] Alternatively, you can import large datasets to ARIS document storage using a report. To do so, contact your local Software AG sales organization.
|
-a, --attributes Creates metadata for every uploaded document, for example: "description:initial upload for migration step|labels:big data,external,draft|source:sharepoint". This example shows how to specify the Description attribute and that custom attributes are created if required attributes were not available by default (title, description, tags, owner). The character | is used to separate the values. However, it must not be used within a value. --password (-p) <PASSWORD> Password of the executor. The default password is manager. --repository (-r) <Repository name>. The default repository is the portal repository used in ARIS document storage or in the repository view in ARIS Connect. The default value is portal. You have to specify the target repository only if you do not use the default repository. A different repository could be the ARIS Risk & Compliance Manager repository for example. -sw, --stopwatch Enables the benchmarking for bulk import of documents and folders. The default value is false. --user (-u) <USERNAME> User name of the executor. The default user name is system. -deltaimportfile Delta import: If errors have occurred during an import, an importerrors.log file is created in the current working directory, for example, ../tools/bin/importerrors.log. To import the documents listed in the log file, specify the following: |
|
|
-deltaimportfile "./importerrors.log". In this case, the path parameter is ignored, and only the files specified in the importerrors.log file are imported. -logfile Specifies the name to be used for the log file when the loglevel parameter is set, for example, %LOGS%adsimport.log. If nothing is specified, but logging is enabled using the loglevel parameter, the adsimport.log file is saved to the current working directory. The default value is adsimport.log. -loglevel Specifies the log level for the bulk import of documents. When set to standard, only document names and IDs are logged. When set to hyperlinks, the HTTP links of documents are also logged. The default value is none. * -path Directory path to be used for bulk import of documents, for example, C:/import/documents/. From the last folder specified, the folder structure is reproduced in the repository of ARIS document storage. Example: If the source folder has the following structure C:/import/documents/folder1/folder2, running the command-line tool using the -path option will generate the structure documents/folder1/folder2 in ARIS document storage. |
|
|
-overwrite If this option is enabled (-overwrite true), existing documents and folders are deleted and newly created according to the specified directory structure. * -path The directory path to be used for the bulk import of documents, for example, C:/import/documents/. From the last folder specified, the folder structure is reproduced in the repository of ARIS document storage. Example: If the folder containing the documents to be imported has the following structure C:/import/documents/folder1/folder2, running the command-line tool using the -path option will generate the structure documents/folder1/folder2 in ARIS document storage. -toplevelfolder If this property is set, the top-level folder specified in -path parameter is ignored during import. If the documents to be imported are located at a level lower than a given folder mydocs, and, for example, the path /mydocs/folder1/folder2 is used with this option, only the structure of the folders subordinate to the mydocs level is mirrored during the import and created directly below the root directory in ARIS document storage. If this property is not set (which is the default), the top-level folder is mirrored as well in the ARIS document storage repository, that is, the entire structure /mydocs/folder1/folder2 is created below the root directory. The default value is false. |
deleteAccessPrivileges |
Removes all access restrictions from a specified folder. Usage: deleteAccessPrivileges [options] |
--folderId (* -f) The folder ID is required to delete all access privileges. --password (-p) <PASSWORD>. The default password is manager. --user (-u). The default user name is system. --user (-u) <USERNAME> User name of the executor. The default user name is system. -orphandata Deletes the access privileges assigned to deleted user groups. The default value is false. -passon Deletes the access privileges from the folder hierarchically. The default value is false. |
exportConfig |
Exports the configuration of ARIS document storage. Usage: exportConfig [options] |
--file (-f) Configuration file. The default value is adsConfig.properties. --password (-p) <PASSWORD>. The default password is manager. --user (-u). The default user name is system. |
importConfig |
Updates the configuration of ARIS document storage of this tenant. Usage: importConfig [options] |
--file ( -f) The configuration file to be imported. The default value is adsConfig.properties. --password (-p) <PASSWORD>. The default password is manager. --user (-u). The default user name is system. |
reindex |
Re-indexes the ARIS document storage database. Usage: reindex [options] |
--password (-p) <PASSWORD>. The default password is manager. --user (-u). The default user name is system. |
thumbnails |
Creates thumbnails for pictures. Usage: thumbnails [options] |
--password (-p) <PASSWORD> Password of the executor. The default password is manager. --repository (-r) <Repository name>. The default repository is the portal repository used in ARIS document storage or in the repository view in ARIS Connect. The default value is portal. You have to specify the target repository only if you do not use the default repository. A different repository could be the ARIS Risk & Compliance Manager repository for example. --user (-u) <USERNAME> User name of the executor. The default user name is system. |
Example
y-admintool.bat -s http://my_aris_host.com:1080 -umc http://my_aris_host.com:1080 -t default bulkimport -u system -p manager -path d:\my_documents
Process Governance command-line tool
Process Governance provides a set of command-line tools that can be used to perform administrative operations.
Warning
To avoid data inconsistencies and possible data loss, you must not perform any of the following activities in parallel, neither manually nor scheduled:
- Deleting any Process Governance process instance, process version, or process
- Archiving Process Governance process instances
- Backup/restore tenant (containing Process Governance or ARIS document storage data)
<ARIS installation path>/server/bin/work/work_apg_<your installation size, for example, s,m, or l>/tools/bin for Windows® operating systems
and
<ARIS installation path>/cloudagent/bin/work/work_apg_<your installation size, for example, s,m, or l>/tools/bin for Linux operating systems.
The following command line tools are provided:
This command-line tool is called by the y-ageclitool.bat or y-ageclitool.sh and configures the environment as required.
For more information about parameters and commands please type the tool name followed by /? or -?, for example y-ageclitool.bat /?.
For Unix operating systems, command-line tools (sh files) except of the y-setenv.sh file, can only be started by the aris10 user, for example, enter: su -c y-ageclitool.sh aris10.
The following command line tools are provided:
This command-line tool is called by the y-ageclitool.bat or y-ageclitool.sh and configures the environment as required.