Server administrators monitor the system and manage ARIS server and tenant data using various tools.
ARIS tenants are containers that provide their own ARIS Administration and ARIS data set, such as configuration, ARIS Method, databases, scripts, and so on. An ARIS server may have multiple tenants installed that access the functionality of the server, but their data is independent of each other.
After the installation of an ARIS server using the setup program two tenants are available:
The infrastructure master tenant manages administrative users and all other tenants.
The default tenant is available for operational use.
If you need additional operational tenants to provide different sets of databases, users, configurations or ARIS methods you can easily create them. Additional operational tenants require a new set of ARIS licenses. Licenses must be unique in all tenants.
If you have installed an ARIS server using an external database management system, all additionally created tenants are available as well. If you are going to create additional tenants for ARIS10.0 to migrate data from ARIS 9.8.7 or later, make sure to use identical names in both ARIS versions.
Administrators can manage tenants in different ways. For example:
Please make sure to
and for all tenants.This use case provides a comprehensive description of all procedures that administrators must carry out for a tenant so that all authorized employees can work with ARIS Architect. We recommend that you use ARIS Administration to manage users, user groups, privileges, licenses, documents, configurations, and processes in ARIS. This is what the use case is based on.
Scenario
After installation, the following system users exist: 'superuser' and 'system'. They are responsible for the user management of an activated tenant. The server was started, the password for the system user superuser has not been changed yet.
User management in ARIS Administration
Prerequisite
You have administrator function privileges.
Procedure
.
Click Application launcher >
Administration. ARIS Administration opens.
.
Change the passwords of the users superuser and system to prevent unauthorized access to the system. These users are created automatically after installation and have comprehensive function privileges and authorizations.
Click the user whose password you want to change.
Click Edit.
Enable the Change password check box. The Old password, New password, and Confirm password fields are displayed.
Enter a new password, and reenter it. If you want to use the webMethods integration, passwords must not contain a colon.
Click Save.
The password is changed. The user receives a notification by e-mail.
.
Click Licenses > Product.
Click Import license file. The corresponding dialog opens.
Select the relevant license file.
Click Upload.
The license file is transferred. It is shown how many licenses were imported, as well as which licenses could not be installed and why.
.
Click Add user. The Create user form opens.
Enter the user name, first and last name, e-mail address, if applicable, and password. If no password was specified for the user, a password is automatically generated for the first login and sent to the user. After the first login, the password must be changed. If a user that already exists in the LDAP system is created, the user name must match. The e-mail address is transferred automatically. For the other specifications you can enter any characters you wish because this information will automatically be transferred from the LDAP system after the user is created.
The user name does not necessarily have to correspond to a person's first or last name. To comply with the GDPR, a randomly selected character string is used, or an abbreviation of the first and/or last name.
Click Save. The details view of the user is displayed.
The user is created. If no password was specified for the user, a password is automatically generated for the first login and sent to the user. After the first login, the password must be changed.
Alternatively,
.Click Additional functions.
Click Start LDAP import. The button is active only if an LDAP system is configured on the server.
Select whether you want to import only users or user groups and associated users.
Select if you want to use the default filter or create a custom one.
Click Preview to check how many users or user groups are imported. The number is displayed, as well as up to 100 elements to be imported in alphabetical order.
Click Start import.
The users or user groups and associated users are transferred from the LDAP system according to the selected options.
.
Click User management and select User groups. The list of user groups opens.
Click Add user group.
Enter the name of the user group and an optional description.
Click Save.
The user group is created.
Alternatively,
.Click Additional functions.
Click Start LDAP import. The button is active only if an LDAP system is configured on the server.
Select whether you want to import only users or user groups and associated users.
Select if you want to use the default filter or create a custom one.
Click Preview to check how many users or user groups are imported. The number is displayed, as well as up to 100 elements to be imported in alphabetical order.
Click Start import.
The users or user groups and associated users are transferred from the LDAP system according to the selected options.
.
Click the user whose user group association you want to change.
Click Associated user groups.
Click Edit assignment. The Associate user groups dialog opens.
Enable the check boxes of the relevant items in the Available user groups box, and click Add. The user groups are transferred to the Associated user groups box.
Click OK.
The user group is assigned to the user.
.
Click the user you wish to assign function privileges to. The user data is displayed.
Click Privileges. The list of function privileges is displayed.
Enable () the check boxes of the privileges whose assignment you want to add.
The user is assigned the selected privileges. This provides the user with privileges for functions (for example, the Database administrator function privilege).
.
Click the user you wish to assign license privileges to. The user data is displayed.
Click Privileges. The list of function privileges is displayed.
Click License privileges.
Enable () the check boxes of the privileges whose assignment you want to add.
The user is assigned the selected privileges. This provides the user with access to the ARIS products relevant to him.
Users can now log in with their assigned privileges.
For each ARIS database, you can grant access privileges to user groups or users. Product-specific privileges are assigned in each ARIS product.
User management in ARIS Architect
Procedure
These actions can also be carried out by users with the Database administrator and User administrator function privileges.
Start ARIS Architect.
Log in as system user and connect to the default tenant.
Please use the new password that you just changed in ARIS Administration. ARIS Architect starts.
Database administrator function privilege can do so.
All users with theClick ARIS > Administration or ARIS >
Explorer.
Click Navigation in the bar panel if the Navigation bar is not activated yet.
In the Explorer tree, right-click your connection to the ARIS server and select New >
Database.
Enter a name. Do not use any special characters.
Enable the Versionable check box if you want the content of the new database to be versioned.
Click OK. The database is created and displayed in the Navigation bar, either as a non-versionable or
versionable database.
All users and user groups are automatically transferred from ARIS Administration.
Assign access privileges.
Assign function privileges to users and user groups.
Assign filters to users and user groups.
The database is available to authorized users.
User administrator function privilege.
. These actions can be carried out by all users with theClick ARIS > Explorer.
Log in to the database.
Click Navigation in the bar panel if the Navigation bar is not activated yet.
Right-click the group for which you want to edit the access privileges, and select
Properties.
Click Access privileges (users) or Access privileges (user groups) on the Selection tab.
Select the users/user groups for which you want to assign privileges.
Select the required access privileges. You can assign Read (r), Write (w), and Delete (d) access privileges. The Version (v) access privilege is available for versionable databases only. The selection is displayed in the Privileges column.
If you click the Pass on privileges button, the selected access privileges are applied to all subgroups. This also applies to all new subgroups created below this group in the future.
Click OK.
After the user logs in to the database again the changed access privileges will be in effect.
In ARIS Architect, click ARIS > Administration.
Click Navigation in the bar panel if the Navigation bar is not activated yet.
Log in to the database.
In the Navigation bar, click Users or
User groups.
In the table, right-click the user or user group, and select Properties.
Click Function privileges on the Selection tab.
In the Assign column, click the relevant function privileges. You can assign only function privileges that are assigned to you, too.
You cannot change function privileges for system users.
If you selected User in the Navigation bar and are logged on as system user, you can enable the System user check box. This user receives all function and access privileges.
Click OK.
The function privileges are now assigned for this database.
For users to be able to view specific content of the database, you assign access privileges to them.
In ARIS Architect, click ARIS > Administration.
Click Navigation in the bar panel if the Navigation bar is not activated yet.
Log in to the database.
In the Navigation bar, click Users or
User groups.
In the table, right-click the user or user group, and select Properties.
Click Method filter on the Selection tab.
In the Assign column, enable the checkboxes of the relevant filters.
Click OK.
The selected filters are assigned. Users can now log in using these filters.
You can select a default filter for each database. This filter is automatically assigned when you create users and user groups.
All users with the corresponding privileges can work with ARIS Architect.
For new databases, these privileges must be assigned by authorized users.
You can use only one license type for each product. Exceptions are the Named user and Cross-client license types.
License types for client products
The license types for client products must be assigned manually to users or user groups. You can increase the number of licenses by installing additional licenses.
Named user
Users assigned to this license type have guaranteed login as the license is registered in their name. The number of licenses that can be assigned is specified in the license file.
Concurrent user
For this license type, the number of users who can log in at the same time is specified. The assigned users share the available licenses. If the number of users logged in is the same as the number of available licenses, no other users can log in. The user must wait until another user logs off. However, the administrator can end the sessions of users.
Difference between 'Named user' and 'Concurrent user' license type
Concurrent user |
Named user |
|
---|---|---|
Assignment |
Via user or user group |
Via user or user group |
License volume |
Unlimited |
Limited number |
Guaranteed login |
No |
Yes |
Term of guaranteed login |
Current session |
Unlimited |
Cross-client
This license type corresponds to a license of the Named user type. However, it can be imported and used for various tenants. It is intended for administrators who manage several tenants. The assigned users can log in with all tenants.
Server licenses
The license types for server products are activated automatically after the import.
Dependencies within privileges
There are certain license privileges that you cannot assign to a user in combination with others. For example, you cannot assign ARIS Architect and ARIS Designer to a user at the same time.
You can only activate the subgroups of a license privilege if the superior license privilege is activated. If you remove a superior license privilege of a user, the user also automatically loses the assignment to the subgroups.
If you are not yet familiar with this topic, why not log on to the Software AG Learning Portal and take a look at a product training course? Many basic trainings are free of charge, such as ARIS Administrator Basic (E735A-77E).