Use case - Manage users

This use case provides a comprehensive description of all procedures that administrators must carry out for a tenant so that all authorized employees can work with ARIS Architect. We recommend that you use ARIS Administration to manage users, user groups, privileges, licenses, documents, configurations, and processes in ARIS. This is what the use case is based on. Using User Management is advisable only for users of ARIS Risk and Compliance, ARIS Publisher, PPM, and MashZone.

Scenario

After installation, the following system users exist: 'superuser' and 'system'. They are responsible for the user management of an activated tenant. The server was started, the password for the system user superuser has not been changed yet.

User management in ARIS Administration

Prerequisite

You have administrator function privileges.

Procedure

  1. Open ARIS Administration and log in as 'superuser'.

    1. Click Application launcher Application launcher > Administration Administration. ARIS Administration opens.

  2. Change the passwords for the users 'superuser' and 'system'.

    1. Change the passwords of the users superuser and system to prevent unauthorized access to the system. These users are created automatically after installation and have comprehensive function privileges and authorizations.

    2. Click the user whose password you want to change.

    3. Click Edit Edit.

    4. Enable the Change password check box. The Old password, New password, and Confirm password fields are displayed.

    5. Enter a new password, and reenter it. If you want to use the webMethods integration, passwords must not contain a colon.

    6. Click Save.

      The password is changed. The user receives a notification by e-mail.

  3. Import the license purchased.

    1. Click Licenses Licenses > Product.

    2. Click Import license file Import license file. The corresponding dialog opens.

    3. Select the relevant license file.

    4. Click Upload.

      The license file is transferred. It is shown how many licenses were imported, as well as which licenses could not be installed and why.

  4. Create users.

    1. Click Create user Add user. The Create user form opens.

    2. Enter the user name, first and last name, e-mail address, if applicable, and password. If no password was specified for the user, a password is automatically generated for the first login and sent to the user. After the first login, the password must be changed. If a user that already exists in the LDAP system is created, the user name must match. The e-mail address is transferred automatically. For the other specifications you can enter any characters you wish because this information will automatically be transferred from the LDAP system after the user is created.

      The user name does not necessarily have to correspond to a person's first or last name. To comply with the GDPR, a randomly selected character string is used, or an abbreviation of the first and/or last name.

    3. Click Save. The details view of the user is displayed.

      The user is created. If no password was specified for the user, a password is automatically generated for the first login and sent to the user. After the first login, the password must be changed.

  5. Alternatively, import LDAP users.

    1. Click Additional functions Additional functions.

    2. Click Start LDAP import Start LDAP import. The button is active only if an LDAP system is configured on the server.

    3. Select whether you want to import only users or user groups and associated users.

    4. Select if you want to use the default filter or create a custom one.

    5. Click Preview to check how many users or user groups are imported. The number is displayed, as well as up to 100 elements to be imported in alphabetical order.

    6. Click Start import.

      The users or user groups and associated users are transferred from the LDAP system according to the selected options.

  6. Create user groups.

    1. Click User management User management and select User groups. The list of user groups opens.

    2. Click User group Add user group.

    3. Enter the name of the user group and an optional description.

    4. Click Save.

      The user group is created.

  7. Alternatively, import LDAP user groups.

    1. Click Additional functions Additional functions.

    2. Click Start LDAP import Start LDAP import. The button is active only if an LDAP system is configured on the server.

    3. Select whether you want to import only users or user groups and associated users.

    4. Select if you want to use the default filter or create a custom one.

    5. Click Preview to check how many users or user groups are imported. The number is displayed, as well as up to 100 elements to be imported in alphabetical order.

    6. Click Start import.

      The users or user groups and associated users are transferred from the LDAP system according to the selected options.

  8. Assign a user group to the user.

    1. Click the user whose user group association you want to change.

    2. Click Associated user groups.

    3. Click Edit user group association Edit assignment. The Associate user groups dialog opens.

    4. Enable the check boxes of the relevant items in the Available user groups box, and click Right arrow Add. The user groups are transferred to the Associated user groups box.

    5. Click OK.

      The user group is assigned to the user.

  9. Assign function privileges to the user, if required.

    1. Click the user you wish to assign function privileges to. The user data is displayed.

    2. Click Privileges. The list of function privileges is displayed.

    3. Enable (Enabled) the check boxes of the privileges whose assignment you want to add.

      The user is assigned the selected privileges. This provides the user with privileges for functions (for example, the Database administrator function privilege).

  10. Assign license privileges to the user.

    1. Click the user you wish to assign license privileges to. The user data is displayed.

    2. Click Privileges. The list of function privileges is displayed.

    3. Click License privileges.

    4. Enable (Enabled) the check boxes of the privileges whose assignment you want to add.

      The user is assigned the selected privileges. This provides the user with access to the ARIS products relevant to him.

Users can now log in with their assigned privileges.

For each ARIS database, you can grant access privileges to user groups or users. Product-specific privileges are assigned in each ARIS product.

User management in ARIS Architect

Procedure

These actions can also be carried out by users with the Database administrator and User administrator function privileges.

  1. Start ARIS Architect.

  2. Log in as system user and connect to the default tenant.

    Please use the new password that you just changed in ARIS Administration. ARIS Architect starts.

  3. Create databases. All users with the Database administrator function privilege can do so.

    1. Click ARIS > Show Administration Administration or ARIS > Explorer Explorer.

    2. Click Navigation Navigation in the bar panel if the Navigation bar is not activated yet.

    3. In the Explorer tree, right-click your connection to the ARIS Server and select New New > Database without versioning capability Database.

    4. Enter a name. Do not use any special characters.

    5. Enable the Versionable check box if you want the content of the new database to be versioned.

    6. Click OK. The database is created and displayed in the Navigation bar, either as a Database without versioning capability non-versionable or Versionable database versionable database.

      All users and user groups are automatically transferred from ARIS Administration.

    7. Assign access privileges.

    8. Assign function privileges to users and user groups.

    9. Assign filters to users and user groups.

    The database is available to authorized users.

  4. Assign access privileges for database groups. These actions can be carried out by all users with the User administrator function privilege.

    1. Click ARIS > Explorer Explorer.

    2. Log in to the database.

    3. Click Navigation Navigation in the bar panel if the Navigation bar is not activated yet.

    4. Right-click the group for which you want to edit the access privileges, and select Properties Properties.

    5. Click Access privileges (users) or Access privileges (user groups) on the Selection tab.

    6. Select the users/user groups for which you want to assign privileges.

    7. Select the required access privileges. You can assign Read (r), Write (w), and Delete (d) access privileges. The Version (v) access privilege is available for versionable databases only. The selection is displayed in the Privileges column.

    8. If you click the Pass on privileges button, the selected access privileges are applied to all subgroups. This also applies to all new subgroups created below this group in the future.

    9. Click OK.

    After the user logs in to the database again the changed access privileges will be in effect.

  5. Assign database-specific function privileges to users and user groups.

    1. In ARIS Architect, click ARIS > Show Administration Administration.

    2. Click Navigation Navigation in the bar panel if the Navigation bar is not activated yet.

    3. Log in to the database.

    4. In the Navigation bar, click Users Users or User groups User groups.

    5. In the table, right-click the user or user group, and select Properties Properties.

    6. Click Function privileges on the Selection tab.

    7. In the Assign column, click the relevant function privileges. You can assign only function privileges that are assigned to you, too.

      You cannot change function privileges for system users.

      If you selected User in the Navigation bar and are logged on as system user, you can enable the System user check box. This user receives all function and access privileges.

    8. Click OK.

    The function privileges are now assigned for this database.

    For users to be able to view specific content of the database, you assign access privileges to them.

  6. Assign filters to users and user groups.

    1. In ARIS Architect, click ARIS > Show Administration Administration.

    2. Click Navigation Navigation in the bar panel if the Navigation bar is not activated yet.

    3. Log in to the database.

    4. In the Navigation bar, click Users Users or User groups User groups.

    5. In the table, right-click the user or user group, and select Properties Properties.

    6. Click Method filter on the Selection tab.

    7. In the Assign column, enable the checkboxes of the relevant filters.

    8. Click OK.

    The selected filters are assigned. Users can now log in using these filters.

    You can select a default filter for each database. This filter is automatically assigned when you create users and user groups.

All users with the corresponding privileges can work with ARIS Architect.

For new databases, these privileges must be assigned by authorized users.

ARIS video tutorial

ARIS Architect 'Administration' tab versus ARIS Administration (approx. 1 minute)