Impersonation

Users manage tenants on behalf of the user superuser. This requires the creation of these users in the user management for the infrastructure tenant, for example, master. To use impersonation, users require the Impersonation function privilege in the infrastructure tenant.

For Tenant Management, they also require the User administrator, Tenant administrator, and Technical configuration administrator function privileges.

In all other operational tenants, for example, default, the user superuser must be defined as the target for impersonation. Impersonation enables users to back up tenants in which they do not exist as a user.

If you installed ARIS using the ARIS server setup program, the Tenant Management user interface is available. The Tenant Management user interface is run automatically with the user account of the superuser user. In order for other users to be able to log in, you must configure the infrastructure tenant. This assigns users in the infrastructure tenant privileges for impersonation, along with additional function privileges.

Once all operational tenants are configured, impersonation enables users to assume the account of the superuser system user in order to perform administration tasks. After the ARIS server was updated, for all operational tenants make sure to specify superuser in the Impersonation target users field again.

If you want existing tenants that were not created using Tenant Management to be managed centrally, you have to adjust the configuration of these tenants.

To back up and restore the data, the superuser user requires the following function privileges in all operational tenants: