IF

Hi,

We have configured the access security to an ARIS database in the following way.

ARIS Connect: Access rw-

ARIS Architect: no access in some groups.

The display in ARIS Connect is correct, only the groups that have been allowed access are visible and not those that have been restricted with ARIS Architect. The problem appears when searching in ARIS Connect for a model located in an inaccessible group (without permissions), it is presented on the screen.

How is it possible to avoid this problem?

Best regards

by M. Zschuckelt
Posted on Mon, 02/08/2021 - 00:06

Hello Isidre,

your description is a bit awkward - maybe resulting from a misunderstanding:

ARIS Connect and ARIS Architect are client products. They have nothing to do with the authorizations to resources a user has received. In fact: The same user should see the same content whether he uses ARIS Connect Portal or ARIS Architect.

Access to content is based on groups (let me call them "folders" for now in order to avoid mixing them with the term "user group") of the database. Each folder knows a set of access permissions. Every user or user group (as defined in the UMC) can be granted permissions such as RW for each single folder. A user that is a member of a user group gets all permissions granted to this user group as well as the permissions granted to him individually. If he is a member of multiple user groups, his permissions add up from all those.

So in the Connect Portal Search the user will see results from all groups where he has at least a read permission - either individually or through at least one of the user groups he is a member of.

If you have a user, who has the "system" privilege on the database or who has the function privilege "Database administrator" on the ARIS tenant, he can see the entire content of the database - no matter which privileges were assigned to him individually or via user groups.

I hope this clarifies things a little bit. It always boils down to the question of which privileges the individual user has for a particular database folder where the object in question (object or model) resides.

Regards,

M. Zschuckelt

0
by Isidre Fabregues Author
Posted on Mon, 02/08/2021 - 14:23

In reply to by M. Zschuckelt

Thanks for your comments.

Possibly my English is less than correct and I have not explained myself adequately.
The problem detected is:
The DB is given rw permissions using ARIS Connect.
Subsequently, some folders in the DB are withdrawn permissions (--- using ARIS Architect as system)
Using the ARIS Connect search, it is possible to see models located in the excluded folders, but the excluded folders are not displayed in the folder view on the left.

Regards

0
by M. Zschuckelt
Posted on Mon, 02/08/2021 - 15:57

Hello Isidre,

I suppose in Connect you used the "Database permissions" to grant the permissions to some user or user group?

In this case these permissions for this user or user group were written to all database groups (folders).

Next assumption: You removed the permission for the same user or user group using Architect on those excluded folders. Is it possible that these folders have further subfolders where you did not revoke those read/write permissions and that the artifacts found in the search are contained in those?

If you want to apply a change of permissions to an entire sub-tree of folders, you have to select "pass on privileges" in the Architect dialogue when you remove the permission from the root folder of the folder structure you want to change.

Does this help?

Regards, M. Zschuckelt

0
by Isidre Fabregues Author
Posted on Tue, 02/09/2021 - 21:27

Thank you,
we had a wrong configuration
Best regards

0

Featured achievement

Genius
You like to help others solve their problems by answering questions.
Recent Unlocks
  • KF
  • KH
  • RG
  • Profile picture for user Vee_ARIS
  • Profile picture for user smarty
  • PacMan

Leaderboard

|
icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock