ARIS Process Mining in action - Live Demo
Register
ARIS Process Mining in action - Live Demo
Register
ARIS Process Mining in action - Live Demo
Register
View all
Join now

Restricting access to folders (groups)

AW
Posted by Az Was
Posted on in Administration & User Management

Hello,

I'm trying to configure a user group to have a limited set of permission to specific set of folders (groups) within a database. Is this something that is possible?

A short background of what we are trying to do. For the main database, we implicitly trust the architects using it to be competent enough, due to training and background, to be given full edit permission to all the groups within the database. We want to try to expand access and usage of ARIS by giving a select few business process owners the ability view the models created by the architects and create their own models. In short, we want to  give these process owners read only permission to the architect folders and read+write permission to specific folders (preferably these folders are set up by admins) within the same database.

Can this be done? We are currently using ARIS 10. I've looked at several post that sounds like the try to achieve this but it looks like they were not successful:

https://www.ariscommunity.com/users/ampellerito/2015-10-22-user-managementaccess-control-best-practices
https://www.ariscommunity.com/users/anandraju/2013-10-23-grant-user-access-read-only-selected-models
https://www.ariscommunity.com/users/s0003534029/2014-11-26-restricting-access-databases
https://www.ariscommunity.com/users/simonquarmby/2019-05-09-what-do-aris-connect-database-privileges-mean

Thank you in advance for any help

Regards,
Az

2.4k
6
Profile picture for user André Vitor
by André Vitor Oliveira
Posted on Fri, 02/28/2020 - 22:38

Hi Az,

In this case I don't see any kind of problem or limitation to handle the permission as you want. The users can be part of an user group and have to set the RW privileges to desired folders via user group..
e.g: If the Archtiects are owners of the Folder X with RWD and the Designer users has RW on the same folder, then means that Designer users can open and edit the same models as Architects users because belongs on the same folder...

Please let me know if need something else ...

BR

AO

 

0
AW
by Az Was Author
Posted on Mon, 03/02/2020 - 12:29

Hi Andre,

Thank you for your response. However, I can't seem to find how you can associate desired folders to specific user group as you mentioned. Take the following hierarchy as an example:

organisation.ariscloud.com
    > Main database
        > Folder A
        > Folder B
        > Folder C

User group that have been created:

  • Architects
  • Process owners

I want the architects to have full rights on all folders but process owners to only have RW on folder B so that they can't see folder A and C.

ARIS seems to only allow granting the permission to the entire database (please see attached images below) which means RW will be given to all folders within the database not just folder B. Am I missing something here? Thank you.

 

0
Profile picture for user rbe
by Runé Becker
Badge for 'Mastermind' achievement
Posted on Tue, 03/03/2020 - 09:50

On the portal you can only grant access on a high level. Please use ARIS Architect to grant access to specific folders of a database.

Cheers
Rune

0
Profile picture for user André Vitor
by André Vitor Oliveira
Posted on Tue, 03/03/2020 - 21:08

Hi Az,

The Rune is right you have to use the Aris Architect to expand the database privilegies and define wich permissions need, in case the screenshot from your Portal only means the 'Database' privilegies...

See my screenshot from the ARIS Architect:

BR

AO
 

0
Profile picture for user rbe
by Runé Becker
Badge for 'Mastermind' achievement
Posted on Wed, 03/04/2020 - 11:08

And the report Output group information started on Main group shows data access per user groups/users:

 

Cheers
Rune

0
Profile picture for user pcornejo
by Pablo Cornejo
Posted on Tue, 03/16/2021 - 21:21

Hi Andre!

For group permissions it is correct but for user permissions I have a problem with imported LDAP users. Not so for a user created from ARIS. How could I edit the permissions of a synced user from LDAP?

0

Featured achievement

Rookie
Say hello to the ARIS Community! Personalize your community experience by following forums or tags, liking a post or uploading a profile picture.
Recent Unlocks

Leaderboard

|

View posts by tag

icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock