Hello ARIS Community,

I’m working with a complex folder structure in ARIS, organized as follows: Business Line, Sector, Department, and Division. With around 1500+ users in our system, not everyone requires access to every folder. Instead, access should be limited based on specific needs. For instance, certain users need access only to folders within a specific sector.

Could anyone recommend the most efficient way to manage folder access in this scenario? I’d like to implement an approach that minimizes manual management and ensures security. Ideally, this would allow us to assign permissions by user groups or roles to streamline the process.

Any guidance on role-based access control or automation options in ARIS would be greatly appreciated.

Thank you in advance for your help!

Best regards,
Gautam Singh

by Klemens Hauk
Posted on Mon, 11/18/2024 - 13:20

I personally have no experience administering such a user community to give you best-practice advice.

My recommendation is to define privileges only on a user group level, not on the level of individual users. So a user has the privileges based on the user group of which she/he is a member. As a user can be a member of more than one user group, she/he can have different privileges. For sure, exceptionally you can define privileges on user level. Be aware that the highest privilege (W overrides R) is valid if a user is linked to a folder individually and in addition by a user group.

The general functionality ARIS is providing is to define access (rwdcv) and function rights starting on the root level down to each level of the folder structure (group level). The privileges defined on the group level are valid for all models in the group. No inheritance (passing privileges to underlying folders) is done. Example below shows the group "Architecture".

The privileges are set based on the user group AND for the specific group in the explorer (folder). The position of the folder in the hierarchy plays no role. So a user group can have Write privilege for all models of department A in business line X and only Read privilege for all models of department B in business line Y. The privileges are NOT passed to the underlying folders.

I guess that you have models on all levels of your folder structure.

As your folder structure is based on your organizational structure, a first approach is to define the user groups in accordance with the folder structure, e.g. all users of a specific department are one group.

In addition, as a second layer, you can define role-specific privileges. Then you have to define a role-specific user group (again, a user can be part of several user groups), e.g. role "modeler", and set the Write privilege on the level of all specific departments (e.g. Finance) for all business lines.

In the administration part of the Architect & Designer there is an easy way to set the privileges for a defined user group for ALL groups (folders) starting from the root level (below database HIBB / user group Test).

This describes more or less the ARIS functionality.

You should also think about using the database level to reduce the complexity of the explorer structure, e.g. different databases for the different business lines.

Regards

Klemens

1
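The rules described in the reply above (privileges set per user group and per folder, nothing passed to subfolders, highest privilege wins across a user's own entry and all of their groups) can be modelled to plan and check assignments before entering them. This is an added example, not part of the original thread and not ARIS code or an ARIS API; the folder names, group names and policy format are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample tree: Business Line/Sector/Department/Division.
FOLDERS = [
    "X", "X/Retail", "X/Retail/Finance", "X/Retail/Finance/Payables",
    "X/Retail/HR",
    "Y", "Y/Energy", "Y/Energy/Finance", "Y/Energy/Finance/Treasury",
]

# Hypothetical policy rows: (user group, folder pattern, access letters).
POLICY = [
    ("dept-x-retail-finance", "X/Retail/Finance", "r"),
    ("dept-x-retail-finance", "X/Retail/Finance/*", "r"),
    ("role-modeler", "*/*/Finance", "rw"),  # every Finance department
]

def matches(folder, pattern):
    """Match segment by segment so '*' never spans more than one level."""
    f, p = folder.split("/"), pattern.split("/")
    return len(f) == len(p) and all(fnmatchcase(a, b) for a, b in zip(f, p))

def expand(policy, folders):
    """One explicit row per (group, folder); a folder no pattern names gets no row,
    because nothing is passed down from the folder above it."""
    acl = {}
    for group, pattern, rights in policy:
        for folder in folders:
            if matches(folder, pattern):
                acl.setdefault((group, folder), set()).update(rights)
    return acl

def effective(acl, principals, folder):
    """Union over the user's own entry and all groups (so W overrides R)."""
    rights = set()
    for principal in principals:
        rights |= acl.get((principal, folder), set())
    return "".join(c for c in "rwdcv" if c in rights)

def gaps(acl, group, folders):
    """Subfolders of a granted folder that have no row of their own for this group."""
    granted = {f for (g, f) in acl if g == group}
    return [f for f in folders if f not in granted
            and any(f.startswith(g + "/") for g in granted)]

ACL = expand(POLICY, FOLDERS)

if __name__ == "__main__":
    alice = ["alice", "dept-x-retail-finance", "role-modeler"]
    for folder in FOLDERS:
        print(f"{folder:30} {effective(ACL, alice, folder) or '-'}")
    print("role-modeler gaps:", gaps(ACL, "role-modeler", FOLDERS))
```

The `gaps` output lists the division folders where the role group has no row of its own, which is where a missing explicit assignment would otherwise go unnoticed.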
by Gautam Kumar Singh Author
Posted on Wed, 11/20/2024 - 08:07

In reply to by keha

Hello Klemens Hauk,

I have to mask the attributes (Created by and Last update) from the users who have only viewer access, but admin can view these attributes.

For viewer access users I also have a group.
Please guide me on how I can achieve this.

Thanks for the support.

0
