Restrict script access to specific user groups

On the Administration tab, you manage report scripts, semantic check scripts (profiles and rule types), and transformation scripts, as well as macros.

By default, all users of a tenant are allowed to access scripts. The following description explains how to restrict access to a report script. The procedure is identical for all scripts.

Prerequisite

You are script administrator for this tenant.

The administrator roles described in the following are defined via various privileges at the server and database level. Depending on the roles assigned to the administrators they can carry out specific functions.

superuser

The user superuser is created automatically. By default, this user is assigned the User management, License management, and Configuration administrator function privileges. This user can also enable this function privilege for other users. Users of the superuser type do not use up a license. They manage the system administration, but cannot use ARIS products due to license restrictions. The default password is superuser. You should change the default password to prevent unauthorized access. The password of the superuser is very important, as it is the only user who cannot be deleted. You can change all user data except for the user name. The superuser can recreate the other default users (system, arisservice, guest) if they were deleted.

system

The system user system assumes the administrator role of the system administrator and has all function and access privileges in all databases of a tenant. Authorized persons can use this emergency user to log in to any database, even if you are using an external system, such as LDAP, for authentication.

The name system cannot be changed. The System user check box for this user (Function privileges properties page in ARIS Architect) cannot be disabled either. You should immediately change the password manager to prevent unauthorized access.

To avoid problems, you should create additional system users. Having more than one system user can avoid problems, for example, if one system user has forgotten his password. If you forgot the passwords of all your system users, the full range of functions is no longer available and full data access is no longer possible.

The following administrator roles are defined:

Database administrators

Database administrators require the Database administrator function privilege in ARIS Administration. Users with this role have all function and access privileges and can edit data of all databases of the client.

Database administrators perform the following tasks at the server level:

Users with defined function privileges can perform additional actions at the database level.

Configuration administrators

A Configuration administrator requires the Configuration administrator function privilege in ARIS Administration.

They perform the following tasks:

Script administrators

Script administrators require the Script administrator function privilege in ARIS Administration.

Script administrators perform the following tasks:

Analysis publisher

Analysis publishers require the function privilege of the same name in ARIS Administration.

Analysis publishers perform the following actions:

Analysis administrators

Analysis administrators require the function privilege of the same name in ARIS Administration.

Analysis administrators perform the following actions:

Procedure

  1. In ARIS Architect, click ARIS > Show Administration Administration.

  2. Click Navigation Navigation in the bar panel if the Navigation bar is not activated yet.

  3. In the navigation tree, click the folder Evaluations Evaluations > Reports.

  4. Click the category (subfolder) where the script is saved.

  5. Select the report to be made available for defined user groups only.

  6. In the Start tab bar, click Properties Properties. The report script properties are displayed.

  7. Click Restrict access on the Selection tab.

  8. Enable the Assign access privileges check box. All user groups of this tenant are displayed. You can reduce the number of user groups by entering a filter string and using the filter options.

  9. Select the user groups that are to have access to the report.

  10. Click Add. The selected user groups are displayed in the Available to field.

  11. Click OK.

The report can be run by members of the selected user groups only.

See also

Change security settings