This use case provides a comprehensive description of all procedures that administrators must carry out for a tenant so that all authorized employees can work with ARIS Architect. We recommend that you use ARIS Administration to manage users, user groups, privileges, licenses, documents, configurations, and processes in ARIS. This is what the use case is based on.
Scenario
After installation, the following system users exist: 'superuser' and 'system'. They are responsible for the user management of all tenants. The server was started, the password for the system user superuser has not been changed yet.
User management in ARIS Administration
.
Click Application launcher >
Administration. ARIS Administration opens.
.
Change the passwords of the users superuser and system to prevent unauthorized access to the system. These users are created automatically after installation and have comprehensive function privileges and authorizations.
Click the user whose password you want to change.
Click Edit.
Enable the Change password check box. The Old password, New password, and Confirm password fields are displayed.
Enter a new password, and reenter it. If you want to use the webMethods integration, passwords must not contain a colon.
Click Save.
The password is changed. The user receives a notification by e-mail.
.
Click Licenses > Product.
Click Import license file. The corresponding dialog opens.
Select the relevant license file.
Click Upload.
The license file is transferred. It is shown how many licenses were imported, as well as which licenses could not be installed and why.
or synchronize them from your LDAP system.
Click Add user. The Create user form opens.
Enter the user name, first and last name, e-mail address, if applicable, and password. If no password was specified for the user, a password is automatically generated for the first login and sent to the user. After the first login, the password must be changed. If a user that already exists in the LDAP system is created, the user name must match. The e-mail address is transferred automatically. For the other specifications you can enter any characters you wish because this information will automatically be transferred from the LDAP system after the user is created.
The user name does not necessarily have to correspond to a person's first or last name. To comply with the GDPR, a randomly selected character string is used, or an abbreviation of the first and/or last name.
Click Save. The details view of the user is displayed.
The user is created. If no password was specified for the user, a password is automatically generated for the first login and sent to the user. After the first login, the password must be changed.
or synchronize them from your LDAP system.
Click User management and select User groups. The list of user groups opens.
Click Add user group.
Enter the name of the user group and an optional description.
Click Save.
The user group is created.
.
Click the user whose user group association you want to change.
Click Associated user groups.
Click Edit assignment. The Associate user groups dialog opens.
Enable the check boxes of the relevant items in the Available user groups box, and click Add. The user groups are transferred to the Associated user groups box.
Click OK.
The user group is assigned to the user.
.
Click the user you wish to assign function privileges to. The user data is displayed.
Click Privileges. The list of function privileges is displayed.
Enable () the check boxes of the privileges whose assignment you want to add.
The user is assigned the selected privileges. This provides the user with privileges for functions (for example, the Database administrator function privilege).
.
Click the user you wish to assign license privileges to. The user data is displayed.
Click Privileges. The list of function privileges is displayed.
Click License privileges.
Enable () the check boxes of the privileges whose assignment you want to add.
The user is assigned the selected privileges. This provides the user with access to the ARIS products relevant to him.
Users can now log in in line with their assigned privileges. Product-specific privileges are assigned in each ARIS product.
User management in ARIS Architect
These actions can also be carried out by users with the Database administrator and User administrator function privileges in databases.
Start ARIS Architect.
Log in as system user and connect, for example, to the default tenant.
Use the new password that you just changed in ARIS Administration. ARIS Architect starts.
Database administrator database function privilege can do so.
All users with theClick ARIS > Administration or ARIS >
Explorer.
Click Navigation in the bar panel if the Navigation bar is not activated yet.
In the Explorer tree, right-click your connection to the ARIS server and select New >
Database.
Enter a name. Do not use any special characters.
Enable the Versionable check box if you want the content of the new database to be versioned.
Click OK. The database is created and displayed in the Navigation bar, either as a non-versionable or
versionable database.
All users and user groups are automatically transferred from ARIS Administration.
The database is available to authorized users.
User administrator database function privilege.
. These actions can be carried out by all users with theClick ARIS > Explorer.
Log in to the database.
Click Navigation in the bar panel if the Navigation bar is not activated yet.
Right-click the group for which you want to edit the access privileges, and select
Properties.
Click Access privileges (users) or Access privileges (user groups) on the Selection tab.
Select the users/user groups for which you want to assign privileges.
Select the required access privileges. You can assign Read (r), Write (w), and Delete (d) access privileges. The Version (v) access privilege is available for versionable databases only. The selection is displayed in the Privileges column.
If you click the Pass on privileges button, the selected access privileges are applied to all subgroups. This also applies to all new subgroups created below this group in the future.
Click OK.
After the user logs in to the database again the changed access privileges will be in effect.
.
In ARIS Architect, click ARIS > Administration.
Click Navigation in the bar panel if the Navigation bar is not activated yet.
Log in to the database.
In the Navigation bar, click Users or
User groups.
In the table, right-click the user or user group, and select Properties.
Click Function privileges on the Selection tab.
In the Assign column, click the relevant function privileges. You can assign only function privileges that are assigned to you, too.
You cannot change function privileges for system users.
If you selected User in the Navigation bar and are logged on as system user, you can enable the System user check box. This user receives all function and access privileges.
Click OK.
The function privileges are now assigned for this database.
For users to be able to view specific content of the database, you assign access privileges to them.
In ARIS Architect, click ARIS > Administration.
Click Navigation in the bar panel if the Navigation bar is not activated yet.
Log in to the database.
In the Navigation bar, click Users or
User groups.
In the table, right-click the user or user group, and select Properties.
Click Method filter on the Selection tab.
In the Assign column, enable the checkboxes of the relevant filters.
Click OK.
The selected filters are assigned. Users can now log in using these filters.
You can select a default filter for each database. This filter is automatically assigned when you create users and user groups.
All users with the corresponding privileges can work with ARIS Architect. For new databases, these privileges must be assigned by authorized users. Further procedure descriptions are available in the ARIS Administration help (<user names> > Help).