Database users have the roles that are defined by various combinations of license, access and function privileges. These users can also have administrator roles if they were assigned the corresponding privileges in ARIS Administration. You can define individual roles by assigning users special privileges.
ARIS distinguishes between the user types described below:
Technical users
Users required for the automatic process flow of specific functions:
This user is the ARIS administrator in ARIS Administration. This user does not have any function and access privileges in databases.
If a user other than arisservice is to be used by default for running the services, this must be configured in the file <installation directory of ARIS\server\bin\work\work_abs_s\base\config\age-configuration.properties>. The user's password must be used as the default password. The user arisservice still exists in your user management and must be deleted manually.
System user 'system'
The system user system assumes the administrator role of the system administrator and has all function and access privileges in all databases of a tenant. Authorized persons can use this emergency user to log in to any database, even if you are using an external system, such as LDAP, for authentication.
The name system cannot be changed. The System user check box for this user (Function privileges properties page in ARIS Architect) cannot be disabled either. You should immediately change the password manager to prevent unauthorized access.
To avoid problems, you should create (Create system user for a database, Make a user a system user) additional system users. Having more than one system user can avoid problems, for example, if one system user has forgotten his password. If you forgot the passwords of all your system users, the full range of functions is no longer available and full data access is no longer possible.
System users
System users are users who have all function and access privileges in a database and who have the required privileges in ARIS Administration. System users can be created by the system administrator (user system) or by another system user. The system user system is created automatically. The name system cannot be changed. A system user should immediately change the password manager in ARIS Administration to prevent unauthorized access. The function and access privileges of system users cannot be changed at database level. To withdraw privileges from a system user, another system user must disable (Create system user for a database, Make a user a system user) the System user check box on the former user's Function privileges properties page. As a result, the user's privileges can be changed. After this, the user has no access privileges.
Users
Default users work within the group structure of their area of responsibility. This is determined by their access privileges. Each user can be assigned function privileges that will allow them to take on certain roles.
Examples of individual roles
Project managers
Owners of this role are responsible for the entire project. Depending on the organizational structure, this role can assign many tasks to other project employees. In this case, this role needs only very few privileges. The Read access privilege for all groups allows the user to read the latest information.
If project managers do not delegate the tasks described below, they need all function and access privileges for the database, and therefore, they log in as system users. Otherwise, the function privileges shown in parentheses should be assigned to project employees in charge.
Owners of this role can then take on the corresponding tasks.
(User management function privilege)
(Database management function privilege)
(Font format management function privilege)
(Database management function privilege)
(Database management function privilege)
Consolidation allows you to remove redundant data from your database. Shared modeling can lead to inconsistencies. For instance, it is possible that equivalent objects are created a number of times in different operating departments in a database. Using Consolidation you can combine these into a single object definition that is valid throughout the company.
(No function privileges; Delete access privilege for all groups in which object definitions are saved.)
Process manager
Owners of this role are responsible for the entire project. Depending on the organizational structure, this role can assign many tasks to other project employees. In this case, this role needs only very few privileges. The Read access privilege for all groups allows the user to read the latest information.
If project managers do not delegate the tasks described below, they need all function and access privileges for the database, and therefore, they log in as system users. Otherwise, the function privileges shown in parentheses should be assigned to project employees in charge.
Owners of this role can then take on the corresponding tasks.
(User management function privilege)
(Database management function privilege)
(Font format management function privilege)
(Database management function privilege)
(Database management function privilege)
Consolidation allows you to remove redundant data from your database. Shared modeling can lead to inconsistencies. For instance, it is possible that equivalent objects are created a number of times in different operating departments in a database. Using Consolidation you can combine these into a single object definition that is valid throughout the company.
(No function privileges; Delete access privilege for all groups in which object definitions are saved.)
Quality managers
This role can be performed, for example, by project employees who are not involved in the modeling process.
Owners of this role can lock database items. This means that they can lock models and objects permanently, for example, to perform a review on this data during Release Cycle Management (Lock permanently function privilege).
Project employees (modelers)
The tasks of this role can also be performed by the project-specific roles listed earlier.
Owners of this role can perform the following tasks:
You need at least the Write and Delete access privileges for the database groups in which objects and models in your area of responsibility are saved.
(No function privileges; Write access privilege for the groups in which the models are saved.)
(No function privileges; Write and Delete access privileges for the groups in which the models are saved.)