Users and privileges are managed centrally for all databases and ARIS products of an activated tenant. The role-dependent data access is controlled by access privileges and filters that are assigned per database in ARIS Architect on the .
In ARIS Architect, click ARIS > Administration.
ARIS Administration
Centrally manage users, user groups, privileges, licenses, and configurations for all databases of a tenant. This ensures single sign-on for various ARIS products. Users can also be created using an LDAP system.
'Administration' tab in ARIS Architect
When you create a database, all users and user groups from the user management are automatically imported into the database. assign function and access privileges, as well as filters to users and user groups in each database so that only authorized users can view certain database content or perform specified actions. Use the prefix management to track which user created or changed database items.
The administrator roles described in the following are defined via various privileges at the server and database level. Depending on the roles assigned to the administrators they can carry out specific functions.
superuser
The user superuser is created automatically. By default, this user is assigned the User management, License management, and Configuration administrator function privileges. This user can also enable this function privilege for other users. Users of the superuser type do not use up a license. They manage the system administration, but cannot use ARIS products due to license restrictions. The default password is superuser. You should change the default password to prevent unauthorized access. The password of the superuser is very important, as it is the only user who cannot be deleted. You can change all user data except for the user name. The superuser can recreate the other default users (system, arisservice, guest) if they were deleted.
system
The system user system assumes the of the system administrator and has all function and access privileges in all databases of a tenant. Authorized persons can use this emergency user to log in to any database, even if you are using an external system, such as LDAP, for authentication.
The name system cannot be changed. The System user check box for this user (Function privileges properties page in ARIS Architect) cannot be disabled either. You should immediately change the password manager to prevent unauthorized access.
To avoid problems, you should create additional system users. Having more than one system user can avoid problems, for example, if one system user has forgotten his password. If you forgot the passwords of all your system users, the full range of functions is no longer available and full data access is no longer possible.
The following administrator roles are defined:
Database administrators
Database administrators require the Database administrator function privilege in ARIS Administration. Users with this role have all function and access privileges and can edit data of all databases of the client.
Database administrators perform the following tasks at the server level:
Create databases
Delete databases
Backup databases
Restore databases using backups
Reorganize databases
Users with defined function privileges can perform additional actions at the database level.
Configuration administrators
A Configuration administrator requires the Configuration administrator function privilege in ARIS Administration.
They perform the following tasks:
Define the modeling conventions and adapt the appearance to match the corporate design of the company.
Create filter
Arrange attributes for attribute editing
Change object symbol sorting
Import filters
Export filters and templates
Import templates
Create languages
Create font formats
Define the contents of ARIS Method that are available in the database.
Create model types
Derive model types
Derive object symbols
Create attribute type groups
Create attribute types
Create attribute type symbols
Define symbols for an attribute value
Define symbols for alternative attribute values
Change configurable method names in multiple languages
Script administrators
Script administrators require the Script administrator function privilege in ARIS Administration.
Script administrators perform the following tasks:
Write report scripts
Define report scripts (design view)
Delete scripts
Define rules (semantic check)
Define rule types (semantic check)
Define profiles (semantic check)
Define macros
Export scripts
Import scripts
Import script template
Export script template
Transfer custom or modified scripts of previous ARIS versions
Analysis publisher
Analysis publishers require the function privilege of the same name in ARIS Administration.
Analysis publishers perform the following actions:
Publish queries
Unpublish queries
Publish ad hoc analyses
Unpublish ad hoc analyses
Analysis administrators
Analysis administrators require the function privilege of the same name in ARIS Administration.
Analysis administrators perform the following actions:
Export query
Import query
Export ad hoc analysis
Import ad hoc analysis
Back up analysis and queries
Restore analyses and queries