To assure that information is shown to authorized persons only, users need to select a role-based profile when logging in. For each user a specific set of profiles is generated.
A profile filters the information to be displayed and defines the number of available model types, symbols etc.
The number of profiles depends on the number of exported databases, the number of user groups a user is assigned to, and the number of filters assigned to each user group. Each profile includes the name of an export. Unlike the ARIS standard behavior concerning privileges and filters, ARIS Business Publisher controls the role-specific login based on user groups only. Privileges and filters that were assigned to users individually are ignored during login.
The user 'p.sonntag', for example, is a member of the 'Process Manager' and 'System Responsible' user groups. Thus, he inherits the filters 'ARIS for SAP', 'Demo database' and 'Entire method'.
The 'Easy filter' is not part of any profile as it has been assigned directly to the user, but not to the user group. After logging in to the Publisher export, only access privileges inherited from the user group will be recognized. Privileges assigned individually will be ignored.
If Peter Sonntag uses a profile containing the 'System Responsible' user group, he will be able to view the contents of all database groups for which the user group has at least the 'Read' access privilege. Based on the combination of user groups and filters, Peter Sonntag can choose from his specific set of export profiles for the relevant database.
If he uses the 'System Responsible (Entire method)' profile, he will see all of the contents this user group has access to. All ARIS method items will be available. If he selects the profile of a user group with restricted access privileges, e. g., 'Process Manager', he will be able to open only models stored in the groups 'Processes' and 'Organization'.
However, the navigation tree will also show groups the user group has no access to. These groups are visible only because they contain shortcuts to models stored in groups that are assigned the required access privileges. The model shortcut 'SIPOC Billing', for example, opens the model 'Billing' stored in a subgroup of the 'Processes' group.
This video showed you that the role-based login is controlled via user groups only. Of course, this is also the case if you are using central user management or an LDAP system.
