This use case provides a comprehensive description of all procedures that administrators must carry out for a tenant so that all authorized employees can work with ARIS Architect.
We recommend that you use ARIS Administration to manage users, user groups, privileges, licenses, documents, configurations, and processes in ARIS Connect. This is what the use case is based on. Using User Management is advisable only for users of ARIS Risk & Compliance Manager, ARIS Publisher, PPM, and MashZone.
Scenario
After installation, the following system users exist: 'superuser' and 'system'. They are responsible for the user management of an activated tenant. The server was started, the password for the system usersuperuser has not been changed yet.
Change the passwords of the users superuser and system to prevent unauthorized access to the system. These users are created automatically after installation and have comprehensive function privileges and authorizations.
Click the user whose password you want to change.
Click Edit.
Enable the Change password check box. The Old password, New password, and Confirm password fields are displayed.
Enter a new password, and reenter it. If you want to use the webMethods integration, passwords must not contain a colon.
Click Save.
The password is changed. The user receives a notification by e-mail.
Click Start LDAP import. The button is active only if an LDAP system is configured on the server.
Select whether you want to import only users or user groups and associated users.
Select if you want to use the default filter or create a custom one.
Click Preview to check how many users or user groups are imported. The number is displayed, as well as up to 100 elements to be imported in alphabetical order.
Click Start import.
The users or user groups and associated users are transferred from the LDAP system according to the selected options.
Click Add user. The Create user form opens.
Enter the user name, first and last name, e-mail address, if applicable, and password. If a user that already exists in the LDAP system is created, the user name must match. The e-mail address is transferred automatically. For the other specifications you can enter any characters you wish because this information will automatically be transferred from the LDAP system after the user is created.
The user name does not necessarily have to correspond to a person's first or last name. In many cases, a randomly selected character string is used, or an abbreviation of the first and/or last name.
Click Save. The detail view of the user is displayed.
Click Start LDAP import. The button is active only if an LDAP system is configured on the server.
Select whether you want to import only users or user groups and associated users.
Select if you want to use the default filter or create a custom one.
Click Preview to check how many users or user groups are imported. The number is displayed, as well as up to 100 elements to be imported in alphabetical order.
Click Start import.
The users or user groups and associated users are transferred from the LDAP system according to the selected options.
Click User management, and select User groups. The list of user groups opens.
Click Add user group.
Enter the name of the user group and an optional description.
Click the user whose user group association you want to change.
Click Associated user groups.
Click Edit assignment. The Associate user groups dialog opens.
Enable the check boxes of the relevant items in the Available user groups box, and click Add. The user groups are transferred to the Associated user groups box.
Click the user you wish to assign function privileges to. The user data (details) is displayed.
Click Privileges. The list of function privileges is displayed.
Enable/disable the check boxes of the privileges whose assignment you want to add/remove.
The user is assigned the selected privileges. This provides the user with privileges for functions (for example, the Database administrator function privilege).
Click Navigation in the bar panel if the Navigation bar is not activated yet.
Right-click the group for which you want to edit the access privileges, and select Properties.
Click Access privileges (users) or Access privileges (user groups) on the Selection tab.
Select the users/user groups for which you want to assign privileges.
Select the required access privileges. You can assign Read (r), Write (w), and Delete (d) access privileges. The Version (v) access privilege is available for versionable databases only. The selection is displayed in the Privileges column.
If you click the Pass on privileges button, the selected access privileges are applied to all subgroups. This also applies to all new subgroups created below this group in the future.
Click OK.
After the user logs in to the database again the changed access privileges will be in effect.
You have selected the appropriate perspective in the Perspective Wizard so that all relevant folders are displayed on the Administration tab.
You have selected the Configuration & Administration working environment in the Perspective Wizard.
You have the required privileges for the different tasks. The various privileges are listed in the procedure descriptions below.
Click Navigation in the bar panel if the Navigation bar is not activated yet.
Log in to the database.
In the Navigation bar, click Users or User groups.
In the table, right-click the user or user group, and select Properties.
Click Function privileges on the Selection tab.
In the Assign column, click the relevant function privileges. You can assign only function privileges that are assigned to you, too.
You cannot change function privileges for system users.
If you selected User in the Navigation bar and are logged on as system user, you can enable the System user check box. This user receives all function and access privileges.
Click OK.
The function privileges are now assigned.
For users to be able to view specific content of the database, you assign access privileges to them.