Which users can manage tenants?

The user superuser and users to which the required privileges are assigned by the user superuser can manage tenants.

If users with appropriate privileges start Tenant Management, they do this as the user superuser. This is facilitated by the Impersonation function privilege, which is assigned to relevant users on the infrastructure tenant.

What privileges and settings does the user 'superuser' require?

The user account for the user superuser is used to automatically perform tenant management for each tenant. For this purpose, the user superuser requires appropriate function privileges in the infrastructure tenant and in all operational tenants, and must have been defined as a target for impersonation.

  • Function privileges in infrastructure tenant

    For tenant management, the user superuser requires the following additional function privileges in the infrastructure tenant:

    • User administrator

    • Impersonation

    • Tenant administrator

    • Technical configuration administrator

    The user has additional function privileges by default, for example, License administrator.

  • Function privileges and settings in all operational tenants

    The user superuser does not require any license privileges, but does require certain function privileges. To ensure that each operational tenant, for example, default, is completely backed up, the user superuser needs the following function privileges in each operational tenant:

    • Analysis administrator

    • ARCM administrator

    • Collaboration administrator

    • Database administrator

    • Dashboard administrator

    • Document administrator

    • License administrator

    • Portal administrator

    • Process Governance administrator

    • Server administrator

    • Technical configuration administrator

    • User administrator

    If a function privilege is not assigned, for example, Analysis administrator, ad hoc analyses and queries for this tenant are not backed up. The number of function privileges depends on the relevant tenant's licenses. For this reason, not all of the specified function privileges may be displayed for every tenant.

    Settings in the user configuration

    The user superuser must be defined as a target for impersonation in every operational tenant, for example, default. Thus, all users that have the Impersonation function privilege in the infrastructure tenant inherit its privileges and can manage tenants.

What privileges and settings does an authorized user require?

Other users can also manage tenants if they are not created as users in operational tenants, because management is always carried out in the name of the user superuser using impersonation. The following requirements have to be met:

  • The users must be created in the infrastructure tenant.

  • The users have the required function privileges in the infrastructure tenant.

  • The user 'superuser' has the required function privileges in the infrastructure tenant and in all operational tenants, and has been defined as a target for impersonation in all operational tenants.

    The user account for the user superuser is used to automatically perform tenant management for each tenant. For this purpose, the user superuser requires appropriate function privileges in the infrastructure tenant and in all operational tenants, and must have been defined as a target for impersonation.

    • Function privileges in infrastructure tenant

      For tenant management, the user superuser requires the following additional function privileges in the infrastructure tenant:

      • User administrator

      • Impersonation

      • Tenant administrator

      • Technical configuration administrator

      The user has additional function privileges by default, for example, License administrator.

    • Function privileges and settings in all operational tenants

      The user superuser does not require any license privileges, but does require certain function privileges. To ensure that each operational tenant, for example, default, is completely backed up, the user superuser needs the following function privileges in each operational tenant:

      • Analysis administrator

      • ARCM administrator

      • Collaboration administrator

      • Database administrator

      • Dashboard administrator

      • Document administrator

      • License administrator

      • Portal administrator

      • Process Governance administrator

      • Server administrator

      • Technical configuration administrator

      • User administrator

      If a function privilege is not assigned, for example, Analysis administrator, ad hoc analyses and queries for this tenant are not backed up. The number of function privileges depends on the relevant tenant's licenses. For this reason, not all of the specified function privileges may be displayed for every tenant.

      Settings in the user configuration

      The user superuser must be defined as a target for impersonation in every operational tenant, for example, default. Thus, all users that have the Impersonation function privilege in the infrastructure tenant inherit its privileges and can manage tenants.