ARIS tenants are containers that provide their own ARIS Administration and ARIS data set, such as configuration, ARIS Method, databases, scripts, and so on. An <_a_ server> may have multiple tenants installed that access the functionality of the server, but their data is independent of each other.
After the installation of an ARIS Server using the setup program two tenants are available:
The infrastructure master <_tenant> manages administrative users and all other tenants.
The default <_tenant> is available for operational use.
If you need additional operational tenants to provide different sets of databases, users, configurations or ARIS methods you can easily create them. Additional operational tenants require a new set of ARIS licenses. Licenses must be unique in all tenants.
If you have installed an ARIS Server using an external database management system, all additionally created tenants are available as well.
Administrators can manage tenants in different ways. For example:
System users and infrastructure tenant.
to whom the required privileges are assigned can log in to Tenant Management on theIf you installed ARIS using the ARIS Server setup program, the Tenant Management user interface is available. The Tenant Management user interface is run automatically with the user account of the superuser user. In order for other users to be able to log in, you must configure the infrastructure tenant. This assigns users in the infrastructure tenant privileges for impersonation, along with additional function privileges.
Once all operational tenants are configured, impersonation enables users to assume the account of the superuser system user in order to perform administration tasks. After the ARIS Server was updated, for all operational tenants make sure to specify superuser in the Impersonation target users field again.
If you want existing tenants that were not created using Tenant Management to be managed centrally, you have to adjust the configuration of these tenants.
You know the passwords for the system users system or superuser.
You have
.If you installed ARIS using the ARIS Server setup program, the Tenant Management user interface is available. The Tenant Management user interface is run automatically with the user account of the superuser user. In order for other users to be able to log in, you must configure the infrastructure tenant. This assigns users in the infrastructure tenant privileges for impersonation, along with additional function privileges.
Once all operational tenants are configured, impersonation enables users to assume the account of the superuser system user in order to perform administration tasks. After the ARIS Server was updated, for all operational tenants make sure to specify superuser in the Impersonation target users field again.
If you want existing tenants that were not created using Tenant Management to be managed centrally, you have to adjust the configuration of these tenants.
Procedure
Click the link that was provided to you or that you have saved as a bookmark in your browser (syntax: <server name>:<port>/tm). The Tenant Management login dialog opens.
The name of the infrastructure tenant is displayed. You cannot select any other.
Select the interface language. You cannot change the language once you have logged in.
Enter your user name and your password.
Clicking Forgot password enables you to reset the password.
Warning
If you reset the password for the user system or superuser, other users can no longer log in with these user names. Automated processes, for example, automatic backups, can no longer be performed.
Click Log in.
You can manage all tenants in the system.
The batch file y-tenantmgmt.bat can be used to manage tenants. Enter the tool name followed by /? or -? to see the usage instructions, for example y-tenantmgmt.bat -?.
Please use y-tenantmgmt.bat for Windows® operating systems and y-tenantmgmt.sh for Unix operating systems.
Warning
To avoid data inconsistencies and possible data loss, you must not perform any of the following activities in parallel, neither manually nor scheduled:
- Deleting any Process Governance process instance, process version, or process
- Archiving Process Governance process instances
- Backup/restore tenant (containing Process Governance or ARIS document storage data)
Using some advanced ACC commands, you can create a tenant, import a license and restore a database in one step. If you do not use the standard database system, please make sure to create additional schemes in your Oracle or Microsoft SQL database management system and you have assigned the tenants to these schemes.
You must redirect, redirect the ports in case of a Linux operating system.
Prerequisites
ARIS Server installation
Users need the function privileges License administrator, User administrator, Technical configuration administrator.
Users need to login as superuser or they need either an ARIS Architect license or an ARIS UML Designer license.
Procedure
Open a command prompt (Start > Run > cmd).
Enter y-tenantmgmt.bat followed by /? or -? to display the help, for example y-tenantmgmt.bat -?.
Enter y-tenantmgmt.bat -t <tenant name> <command> -u <user name> -p <password> to enter a command. Parameters may differ.
After creating a tenant, you must import the relevant license and create the users. You can do so from the command line or using the graphical user interface ARIS Administration.
You are recommended to change the password of the default user system immediately after the installation.
After the installation of ARIS the default tenant is available. If you need additional tenants to provide different sets of databases, users, configurations or ARIS methods you can easily create tenants. If you are going to create additional tenants for ARIS10.0 to migrate data from ARIS 9.8.7 or later, make sure to use identical names in both ARIS versions. You can also create tenants using the ARIS Administration's command line tools or Tenant Management.
Prerequisites
ARIS Server installation
Users need the User administrator function privilege.
If you use an external database system that was configured using the delivered database scripts (see ARIS Server Installation Guide. You can open or download documents from the Documentation Web site. Documents are also contained in the ARIS installation package (see Documents > English folder structure) that is available in the ARIS Download Center., assign the tenants to these schemes before running the command as described below.
Warning
For tenant names please only use up to 25 lowercase ASCII characters and numbers. The name must begin with a character. Special characters, such as _ and characters, for example, in Chinese, Cyrillic or Arabic cannot be used.
Procedure
Enter: create tenant <tenant name> username=<user name of a user holding the required privileges> password=<this user's password>.
Example: create tenant test01 master.tenant.user.name = admin master.tenant.user.pwd= tenantmanager123
You can even change parameters for the new tenant. You must specify additional parameters in case you use an external database management system, for example (Oracle):
create tenant test01 database.admin.user="system" database.admin.password="manager" dbinstanceid="db0000000000" database.schema.tablespace.default="ARISDATA" database.schema.tablespace.temporary="TEMP" database.schema.name=aris_test01" database.schema.password="*ARIS!1dm9n#yy"
The tenant test01 will be created.
The administrator must import licenses, create users and user groups and assign privileges and licenses for the test01 tenant.
Start a ARIS client and log in using this tenant. The system database will be created for that tenant.
The tenant is created and can be backed up.
You can back up tenant data using the ARIS Cloud Controller (ACC). If you want to include the user statistics, the property User statistics in backup (com.aris.umc.user.statistics.backup) must be enabled in the configuration (see ARIS help: ARIS Administration > Configuration > User management > Security > Advanced settings). Please note that no user can work on this tenant during the backup process.
Prerequisites
ARIS Server installation
Users need the following function privileges. The function privileges depend on the license. Therefore, you may not be able to assign all of the function privileges shown.
|
|
|
|
|
|
|
|
|
|
|
|
Warning
Do not store backup files in ARIS document storage.
Tenant data is fully backed up only if the user executing the commands has sufficient privileges for all components in every tenant and if all components were selected for the backup.
User administration audit events are not part of the tenant backup.
Extensions, for example, TLS/SSL certificates, SAP® Java Connector, and JDBC drivers, added using the enhance ACC command are not backed up.
To avoid data inconsistencies and possible data loss, you must not perform any of the following activities in parallel, neither manually nor scheduled:
- Deleting any Process Governance process instance, process version, or process
- Archiving Process Governance process instances
- Backup/restore tenant (containing Process Governance or ARIS document storage data)
Procedure
Enter: backup tenant <tenant name> to <pathToBackUpFile> encryption.key <encryption password or encryption key> username=<user name of a user holding the required privileges>password=<this user's password>
such as: backup tenant default to "f:\\backupDefault.acbcrypt" encryption.key=str3ngG3h31m username=y1234 password=managery1234. If values contain special characters, you must quote the strings and special characters. If a password for example is User&12345, you must enter password=\"User\&12345\"
Make sure to save the backup file on external media, such as a NAS or file server. Notice the double backslashes. Alternatively, use a single forward slash. If no file name is specified, the file name is generated as for unencrypted files, but with the file extension acbcrypt instead of acb. The encryption password must be at least 8 characters long and contain at least 3 out of the 4 following character classes: lower-case letter, upper-case letter, digit, special character (such as any non-whitespace, non-letter, non-digit character).
The backup is started. The complete backup is written to one single acb archive file. If you encrypted the backup file, the file extension is acbcrypt.
If a tenant backup containing Process Governance data takes a long time to complete, Process Governance downtime is likely to be long. To reduce Process Governance downtime while the backup is in process, you can set the Use snapshot-based backup mode property in the Process Governance configuration. For details, refer to the ARIS online help (Manage ARIS > Set up Process Governance > Valuable information >What infrastructure properties are available?).
You can restore this tenant using the related archive file. Using the restore tenant command will copy the content to an existing tenant. Process Governance backup archives greater than 2 GB might lead to insufficient TEMP space issue when restoring them into ARIS with Oracle back end. For such large backups, extend the temp tablespace size before restoring operation executed.
You can manage tenants also using the ARIS Administration's command line tools or Tenant Management tool.
You can restore tenant data or copy the content of this tenant to a different ARIS server. You need to have access to the relevant back-up archive file containing the data of a tenant:
Warning
No user can work on this tenant during the restore process. All current data of a running tenant will be deleted and replaced by the data of the backup file. Data related to ARIS Administration will not be deleted but merged. The tenant name and current user data will be untouched. If users were deleted after the tenant has been backed up, these users will be available again. Make sure to delete those users.
Process Governance backup archives greater than 2 GB might lead to insufficient TEMP space issue when restoring them into ARIS with Oracle back end. For such large backups, extend the temp tablespace size before restoring operation executed.
To avoid data inconsistencies and possible data loss, you must not perform any of the following activities in parallel, neither manually nor scheduled:
- Deleting any Process Governance process instance, process version, or process
- Archiving Process Governance process instances
- Backup/restore tenant (containing Process Governance or ARIS document storage data)
Prerequisites
You need access to the relevant back-up archive file.
ARIS Server installation
Users need the following function privileges. The function privileges depend on the license. Therefore, you may not be able to assign all of the function privileges shown.
|
|
|
|
|
|
|
|
|
|
|
|
Procedure
To restore the tenant, enter: restore tenant <tenant name> from <pathToBackUpFile> encryption.key <encryption password or encryption key> username=<user name of a user holding the required privileges> password=<this user's password>
such as: restore tenant default from "f:\\backupDefault.acbcrypt" encryption.key=str3ngG3h31m username=y1234 password=managery1234
or as an example for the use of an unencrypted acb file: restore tenant default from "f:\\backupDefault.acb" username=y1234 password=managery1234
Notice the double backslashes. Alternatively, use a single forward slash. If values contain special characters, you must quote the strings and special characters. If a password for example is User&12345, you must enter password=\"User\&12345\"
The tenant will be restored.
Make sure to change the standard user's passwords again.
The tenant is restored. You can also manage tenants using the Tenant Management tool or the ARIS Administration's command line tools.
If you have restored a tenant from an ARIS 10 SR5 backup file or earlier containing ARIS document storage data, you must adjust the timestamps manually (see y-admintool.bat command-line tool).
You can copy the content of a backed up tenant to a different ARIS Server. This procedure can also be used to migrate data in case of an upgrade installation. You need to have access to the relevant back-up archive file containing the data of a tenant:
All databases
All user data (users, privileges and licenses)
All ARIS document storage data including all access rights
All Process Governance data
All ad hoc analyses and queries
Extensions, for example, TLS/SSL certificates, SAP® Java Connector, and JDBC drivers, added using the enhance ACC command are not backed up.
Prerequisites
You need access to the relevant back-up zip file
ARIS Server installation
Users need the following function privileges. The function privileges depend on the license. Therefore, you may not be able to assign all of the function privileges shown.
|
|
|
|
|
|
|
|
|
|
|
|
Procedure
Create a tenant on the ARIS Server where the tenant will be copied to and import the licenses.
To restore Process Governance data, stop the Process Governance runnable first. To do so enter, for example: stop apg_m
Enter: restore tenant <Tenant name> from <pathToBackUpFile> encryption.key <encryption password or encryption key> username=<user name of a user holding the required privileges> password=<this user's password>
or as an example for the use of an unencrypted acb file: restore tenant default from "f:\\backupDefault.acb" username=y1234 password=managery1234
Notice the double backslashes. Alternatively, use a single forward slash. If values contain special characters, you must quote the strings and special characters. If a password for example is User&12345, you must enter password=\"User\&12345\". You must enter the user credentials of the server's ARIS Administration you have created the new tenant. If you are about to migrate data, you might use the standard name and password system/manager.
In case you restored Process Governance data, restart the Process Governance runnable. To do so enter, for example: start apg_m
All data of the backup file will be copied to the new tenant. Current data will be deleted except the name of the new tenant, as well as user credentials. The current user data will be untouched. If users were deleted after the tenant has been backed up, these users will be available again. Please make sure to delete those users.
In case of a migration process the default credentials will automatically be in use. To prevent unauthorized access to the ARIS system, after installation or data migration, always change the default passwords of arisservice user, guest user, system user, superuser user) on all operational tenants, as well as on the infrastructure tenant (master).
(Warning
To prevent unauthorized access to the ARIS system, after installation or data migration, always change the default passwords of arisservice user, guest user, system user, superuser user) on all operational tenants, as well as on the infrastructure tenant (master).
('system' user
The system user is created automatically. By default, the system user has all function privileges. This user can log in to Process administration, ARIS Administration, User Management, and ARIS Process Board. In ARIS Architect and ARIS Designer, this user has all access privileges for all database groups of all databases. This user only uses up a license if a license privilege is activated for this user. The default password is manager. You should change the default password to prevent unauthorized access. You can change all user data except for the user name.
Having more than one system user can avoid problems, if, for example, your single
system user has forgotten his password. You can create additional system users or copy the existing system user. If your only system user was deleted accidentally, create a new one by using the superuser. The user can only be deleted individually. Enable the Generate, if not available option ( Application launcher >
Administration > Configuration > User management > Users >) so that the user is automatically generated again at startup with the last saved
password.
'superuser'
The user superuser is created automatically. By default, this user is assigned the User management, License management, and Configuration administrator function privileges. This user can also enable this function privilege for other users. Users of the superuser type do not use up a license. They manage the system administration, but cannot use ARIS products due to license restrictions. The default password is superuser. You should change the default password to prevent unauthorized access. The password of the superuser is very important, as it is the only user who cannot be deleted. You can change all user data except for the user name. The superuser can recreate the other default users (system, arisservice, guest) if they were deleted.
'arisservice' user
The user arisservice is created automatically. By default, this user is assigned the Database administrator and Process Governance administrator function privileges. This user only uses up a license if a license privilege is activated for this user. The default password is arisservice. You should change the default password to prevent unauthorized access. You can change all user data except for the user name. The user can only be deleted individually. Enable the Generate, if not available option ( Application launcher >
Administration > Configuration > User management > Users >) so that the user is automatically generated again at startup with the last saved
password.
'guest' user
The user guest is created automatically. By default, no function or license privileges are assigned
to this user. This user serves technical purposes only. It is not for use by end users.
Logging in to ARIS or other Software AG products with this user is not allowed. Further information is available in the Software AG license terms (http://softwareag.com/licenses). The user can only be deleted individually. Enable the Generate, if not available option ( Application launcher >
Administration > Configuration > User management > Users >) so that the user is automatically generated again at startup with the last saved
password.
You can also create tenants using the ARIS Administration's command line tools or Tenant Management.
If you delete a tenant all tenant information are lost:
Databases
User data (users, privileges and licenses)
ARIS document storage data including all access rights
Process Governance data
Ad hoc analyses and queries
Prerequisites
ARIS Server installation
Users need the following function privileges. The function privileges depend on the license. Therefore, you may not be able to assign all of the function privileges shown.
|
|
|
|
|
|
|
|
|
|
|
|
Warning
If you delete a tenant all tenant information are lost.
Procedure
Back up the tenant in order to be able to restore data again.
Enter: delete tenant <Tenant name> username=<user name of a user holding the required privileges> password=<this user's password>
Deletes the specified tenant and all its associated data from the system. User name and password of an administrative user have to be specified using the parameters master.tenant.user.name and master.tenant.user.pwd, respectively. If values contain special characters, you must quote the strings and special characters. If a password for example is User&12345, you must enter password=\"User\&12345\"
Warning
If the optional force keyword is used, the security question Are you sure? is not displayed and the tenant and its data will be deleted without further prompting the user.
The tenant has been deleted.
You can also manage tenants using the ARIS Administration's command line tools or Tenant Management.
.
ARIS Administration is a tool to manage users, user groups, privileges, licenses, documents, and configurations for each tenant of all ARIS products. This ensures single sign-on for various ARIS products. Users can also be created using an LDAP system. ARIS Administration and the online help are available for users holding the User administrator and License administrator function privilege. After the installation only the administrative users superuser or system can login. For detailed information please refer to the ARIS Administration's online help.
Procedure
Open your browser and enter http://<IP address or fully-qualified host name>:<port number other than default>/#<tenant name>/adminSettings. You must enter the port number only if you have changed or redirected, redirected the standard port 80. The login dialog opens.
Enter the user name superuser and the password superuser. This user only has access to the ARIS Administration of the server.
Click OK. ARIS Administration opens.
Click the required tab.
You can manage users, user groups, privileges licenses documents and the configuration of this tenant.