Database users have the roles that are defined by various combinations of license, access and function privileges. These users can also have administrator roles if they were assigned the corresponding privileges in ARIS Administration. You can define individual roles by assigning users special privileges.
ARIS distinguishes between the user types described below:
Technical users
Users required for the automatic process flow of specific functions:
superuser
This user is the ARIS administrator in ARIS Administration. This user does not have any function and access privileges in databases.
arisservice
If a user other than arisservice is to be used by default for running the services, this must be configured in the file <installation directory of ARIS\server\bin\work\work_abs_s\base\config\age-configuration.properties>. The user's password must be used as the default password. The user arisservice still exists in your user management and must be deleted manually.
System user 'system'
The system user system assumes the administrator role of the system administrator and has all function and access privileges in all databases of a tenant. Authorized persons can use this emergency user to log in to any database, even if you are using an external system, such as LDAP, for authentication.
The name system cannot be changed. The System user check box for this user (Function privileges properties page in ARIS Architect) cannot be disabled either. You should immediately change the password manager to prevent unauthorized access.
To avoid problems, you should create additional system users. Having more than one system user can avoid problems, for example, if one system user has forgotten his password. If you forgot the passwords of all your system users, the full range of functions is no longer available and full data access is no longer possible.
System users
System users are users who have all function and access privileges in a database and who have system) or by another system user. The system user system is created automatically. The name system cannot be changed. A system user should immediately change the password manager in ARIS Administration to prevent unauthorized access. The function and access privileges of system users cannot be changed at database level. To withdraw privileges from a system user, another system user must disable the System user check box on the former user's Function privileges properties page. As a result, the user's privileges can be changed. After this, the user has no access privileges.
in ARIS Administration. System users can be created by the system administrator (userThe system user is created automatically. By default, the system user has all function privileges. This user can log in to Process administration, ARIS Administration, User Management, and ARIS Process Board. In ARIS Architect and ARIS Designer, this user has all access privileges for all database groups of all databases. This user only uses up a license if a license privilege is activated for this user. The default password is manager. You should change the default password to prevent unauthorized access. You can change all user data except for the user name.
Having more than one system user can avoid problems, if, for example, your single
system user has forgotten his password. You can create additional system users or copy the existing system user. If your only system user was deleted accidentally, create a new one by using the superuser. The user can only be deleted individually. Enable the Generate, if not available option ( Application launcher >
Administration > Configuration > User management > Users >) so that the user is automatically generated again at startup with the last saved
password.
Users
Default users work within the group structure of their area of responsibility. This is determined by their access privileges. Each user can be assigned function privileges that will allow them to take on certain roles.
Examples of individual roles
Project managers
Owners of this role are responsible for the entire project. Depending on the organizational structure, this role can assign many tasks to other project employees. In this case, this role needs only very few privileges. The Read access privilege for all groups allows the user to read the latest information.
If project managers do not delegate the tasks described below, they need all function and access privileges for the database, and therefore, they log in as system users. Otherwise, the function privileges shown in parentheses should be assigned to project employees in charge.
Owners of this role can then take on the corresponding tasks.
Change their own passwords.
Define the number of users (project employees) and user groups (logical grouping of users), and the corresponding license, function and access privileges.
(User management function privilege)
Manage logos. For example, you can use your company logo as a print logo, which can then be embedded in the header or footer of a model when printing.
(Database management function privilege)
Create font formats. Font formats of a database define the representation of database content in models. They are only available in the database for which they were created. This enables you to individually design models and deviate from the conventions defined for your company.
(Font format management function privilege)
Create database languages.
(Database management function privilege)
Select an default language. Attributes that have not been specified in the current database language are displayed in this language.
(Database management function privilege)
Consolidate redundant objects
Consolidation allows you to remove redundant data from your database. Shared modeling can lead to inconsistencies. For instance, it is possible that equivalent objects are created a number of times in different operating departments in a database. Using Consolidation you can combine these into a single object definition that is valid throughout the company.
(No function privileges; Delete access privilege for all groups in which object definitions are saved.)
Process manager
Owners of this role are responsible for the entire project. Depending on the organizational structure, this role can assign many tasks to other project employees. In this case, this role needs only very few privileges. The Read access privilege for all groups allows the user to read the latest information.
If project managers do not delegate the tasks described below, they need all function and access privileges for the database, and therefore, they log in as system users. Otherwise, the function privileges shown in parentheses should be assigned to project employees in charge.
Owners of this role can then take on the corresponding tasks.
Change their own passwords.
Define the number of users (project employees) and user groups (logical grouping of users), and the corresponding function and access privileges.
(User management function privilege)
Manage logos. For example, you can use your company logo as a print logo, which can then be embedded in the header or footer of a model when printing.
(Database management function privilege)
Create font formats. Font formats of a database define the representation of database content in models. They are only available in the database for which they were created. This enables you to individually design models and deviate from the conventions defined for your company.
(Font format management function privilege)
Create database languages.
(Database management function privilege)
Select an default language. Attributes that have not been specified in the current database language are displayed in this language.
(Database management function privilege)
Consolidate redundant objects
Consolidation allows you to remove redundant data from your database. Shared modeling can lead to inconsistencies. For instance, it is possible that equivalent objects are created a number of times in different operating departments in a database. Using Consolidation you can combine these into a single object definition that is valid throughout the company.
(No function privileges; Delete access privilege for all groups in which object definitions are saved.)
Quality managers
This role can be performed, for example, by project employees who are not involved in the modeling process.
Owners of this role can lock database items. This means that they can lock models and objects permanently, for example, to perform a review on this data during Release Cycle Management (Lock permanently function privilege).
Project employees (modelers)
The tasks of this role can also be performed by the project-specific roles listed earlier.
Owners of this role can perform the following tasks:
Model processes.
You need at least the Write and Delete access privileges for the database groups in which objects and models in your area of responsibility are saved.
Submit improvement proposals.
(No function privileges; Write access privilege for the groups in which the models are saved.)
Make the improvements that have been assigned to the role as tasks.
(No function privileges; Write and Delete access privileges for the groups in which the models are saved.)