Managing Users Access Rights


After completing this lesson, you will be able to:

  • Define access rights to folders, diagrams, the dictionary, and dictionary categories

Managing Access Rights

This lesson describes how to define access rights to folders, diagrams, the dictionary, and dictionary categories. It also shows how to assign access rights to users and user groups. Select each following tab to begin.

Once users are assigned to a user group with specific access, the access rights cannot be taken away by adding the users to an additional group with less access, or by setting user-specific access rights.

If users get access to a diagram and they do not have access to the folder containing the diagram, they can only view the diagram and the diagram path. They don't have access to any other diagrams in this folder.

Practical Examples

Let's look at some practical examples on access rights based on folder structure and user groups. It is preferable to first decide on the folder structure before you begin to manage users and their access rights.

Best Practices for Managing User Groups

When dealing with many users, the provided user group functionality allows you to manage access rights easily.

With groups, you can:

  • Effectively manage many users.
  • Define their access rights by creating a group for each organizational role.
  • Set up a group hierarchy.

This simplifies assigning access rights and feature sets to users. You can also grant both groups and users access to read, edit, delete, and publish diagrams on a folder-level. 

BEST PRACTICE TIP: Depending on the folder structure and the access rights, it makes sense to nest user groups to grant different access rights on different folder levels.

Look at the groups' access rights below.

Both modeler groups are part of the group 'All Modelers' and have reading access to all folders and processes. Group A has an additional access right to edit processes in the public process folder, whereas the sensitive processes are edited by Group B only.

Watch the following video to see how to grant folder access.


Note: The next video contains audio.

Limiting Access

When you grant access to a folder, users have access to the complete folder. Another possible approach is to limit the access to specific folder content.

Watch the next video to see how to limit access to specific content.

Best Practice: Sandbox Setup 

Setting up a sandbox allows you to keep an organized and productive environment while still allowing multiple users to provide input. The sandbox approach can be used for both the dictionary and process repository. The steps for creating sandboxes in the dictionary are: 

  1. Create a subcategory for a dictionary category (for example, Sandbox Documents).
  2. In the user management tab, grant all users access to provide input.
  3. Restrict access to the parent category, for example, only give your process management team access to this.

Do the same for folders to create a playground for your modelers or to enable Collaboration Hub users to create quick model processes as well. 

Recommendation: A dedicated team with global access rights should go over the sandboxes periodically to transfer the approved content to the parent folder or category.

Watch the next video to see an example of how to set up your sandbox.

Access Rights for Diagrams and Folders

Below are the available access rights that you can give to your users and groups.

  • Hub (H): View published content in the Process Collaboration Hub.
  • Read (R): View unpublished content in the simulation tool, the revision comparison tool, the commenting view, and in the Process Collaboration Hub.
  • Write (W): Edit and save content in the Editor.
  • Delete (D): Delete and move content. To delete and move content between folders, users need wrote access for both folders and delete access for the folder from which the content is removed.
  • Publish (P): Publish diagrams in the Process Collaboration Hub.

Log in to track your progress & complete quizzes