Creating and Managing Roles
Go Up to Establishing Security for the Repository
ER/Studio Data Architect lets you create customized roles with different sets of permissions. Repository Object Type Permissions are pre-defined privileges to operate on Repository items. You can assign them to a role, which gives users assigned to that role, permission to perform certain Repository operations. You can use the many available privileges to create specific roles to suit your environment.
For example, you can create and assign some roles like the following:
- Repo Level Basic, which has all of the Repository level permissions, assigned to the target user at the Repository level.
- Logical Only Modeling, which has all of the Diagram, Model, and Submodel level privileges that do not apply to the physical model, assigned to the target user at the diagram level for each diagram in the Repository or at least the ones that the target user is allowed to work on.
With the above roles and assignment, when the target user adds the diagram, the user can check it out, but cannot modify it. To allow the user modify the logical model immediately after adding it, the Admin would have to apply the "Logical Only Modeling" role to the target user at the Repository level.
- To access, create, update, and delete user information, a Repository administrator must have Repository Object Type Permission, Access Security Info and Update Security Info privileges.
Create, Update, and Delete Roles
- Choose Repository > Security > Security Center.
- Select the Manage Roles tab.
- Click New.
- Click an item in the Repository Object Type list and then in the Repository Object Type Permission area, assign the permissions you want to assign to the role for the selected object type.
- Repeat step 4 for each Repository Object Type.
- Click Apply and continue changing security settings and then when finished, click OK to exit the security center.
- To apply the new role to existing users, see Assigning a Role to a User/Group.
- Inform affected users that they should log out of the Repository and then log in again to receive the security updates.
Notes
- Once created, the Administrator can select the role and update, delete or rename it at any time. Renaming the role does not affect the privileges users have, but if you delete a role users who had access to Repository items through that role, will no longer have access to those items.
- Users cannot modify objects without the necessary permissions, regardless of whether the user has the objects checked out.
- To facilitate immediate access to a newly added diagram (not projects) the Admin should set up privileges as follows: If a user gets a submodel and wants to add an entity, the user must have Create Entity permission in the model containing the submodel, as well as Add Member permission in that submodel. If the user deletes an entity, the user must have Remove Member permission in that submodel. In addition, if the user wants to select the "Delete From Model" check box, the user must have Delete Diagram Object permission in that model.
- Once you delete a role from the Repository, it will no longer be in the database.
- To access/create/update/delete user information, a Repository administrator needs to have the Access Security Info and Update Security Info Privileges applied to the Roles.
- Before you delete a role, you must unlink any diagrams that are assigned to it and delete any users assigned to it.
- The following lists the Repository Object Types, the permissions you can grant, and the common operations these permissions give access to:
|
Repository Object Types |
Repository Object Type Permissions |
Permitted Operations |
|---|---|---|
|
Repository |
Access Security Info |
Security Center: View settings |
|
Update Security Info |
Security Center: View and change settings | |
|
Create Diagram |
Add Diagram | |
|
Update Diagram |
Check Out Diagram, Check In Diagram | |
|
Delete Diagram |
Delete Diagram | |
|
Create Enterprise Dictionary |
Create Enterprise Dictionary | |
|
Update Dictionary |
Check Out Data Dictionary, Check Out Dictionary Object(s), Check In Data Dictionary, Undo Check Out Data Dictionary, Redo Check Out Data Dictionary | |
|
Create Project |
Create Project | |
|
Delete Project: |
Delete Project | |
|
Project |
Add Project Member |
Add Diagram to Project |
|
Remove Project Member |
Remove Diagram from Project | |
|
Diagram |
Bind Enterprise Dictionary |
Create New Enterprise Data Dictionary, |
|
UnBind Enterprise Dictionary |
Remove Enterprise Data Dictionary | |
|
Compare Models |
Run Compare/Merge Wizard | |
|
Create Physical Model |
Create Physical Model | |
|
Delete Physical Model |
Delete Model | |
|
Set Named Release |
Set Named Release | |
|
Delete Named Release |
Delete Named Release | |
|
Rollback Diagram To Named Release |
Rollback Diagram | |
|
Update Diagram Properties |
Edit Title Block Data, Edit Diagram Properties | |
|
Create Data Flow |
Create New Data Flow on the Data Lineage tab | |
|
Delete Data Flow |
Delete Data Flow from the Data Lineage tab | |
|
Data Dictionary |
Create Dictionary Object |
Create: Attachment Type, Attachment, Default, Rule, Data Movement Rules, Reference Value, User Datatype, Domain Folder, Domain, Reusable Trigger, Reusable Procedure, Library |
|
Update Dictionary Object |
Edit: Attachment Type, Attachment, Default, Rule, Data Movement Rules, Reference Value, User Datatype, Domain Folder, Domain, Reusable Trigger, Reusable Procedure, Library | |
|
Delete Dictionary Object |
Delete: Attachment Type, Attachment, Default, Rule, Data Movement Rules, Reference Value, User Datatype, Domain Folder, Domain, Reusable Trigger, Reusable Procedure, Library | |
|
Logical Main Model |
Create Diagram Object |
Create: Entity, View, Relationship, View Relationship, Subtype Cluster, Subtype, Title Block |
|
Delete Diagram Object |
Delete: Entity from Model, View from Model, Relationship from Model, View Relationship from Model, Subtype Cluster from Model, Subtype from Model, Title Block from Model | |
|
Update Diagram Object |
Entity Editor: Create/Modify/Delete: Attribute, Key, Key Attribute, Check Constraint View Editor: Modify View; Create/Modify/Delete: View Table, View Column Key Editor: Modify Key, Create/Modify/Delete Key Attribute Relationship Editor: Modify Relationship Subtype Cluster Editor: Modify Subtype Cluster Edit Model: Options, Properties | |
|
Create Submodel |
Create Submodel | |
|
Delete Submodel |
Delete Submodel | |
|
Logical SubModel |
Add Member |
Submodel Editor: Add to Submodel |
|
Remove Member |
Submodel Editor: Remove from Submodel, Delete Entity from SubmodelRemove Database View Delete: Relationship from Submodel, View Relationship from Submodel, Subtype Cluster from Submodel, Subtype from Submodel | |
|
Update Display Properties |
Move/Resize: Entity/Table, View, Title Block, Text Block, Subtype Cluster Color/Font Changes: Entity/Table, View, Title Block, Text Block, Relationship Line, View Relationship Line, Subtype Cluster Move: Relationship Line, View Relationship Line Create/Modify/Delete: Text BlockChange Model Notation, Perform Layout, Zoom, Align Objects | |
|
Physical Model |
Create Diagram Object |
Create: Table, View, Relationship, View Relationship, Schema Object, Title Block |
|
Delete Diagram Object |
Delete: Table, View, Relationship, View Relationship, Schema Object, Title Block | |
|
Update Diagram Object |
Create/Modify/Delete: Column, Index, Index Column, Check Constraint, View Table, View Column, Key Attribute, Key, Relationship, Subtype Cluster Edit Model: Options, PropertiesChange Database Platform | |
|
Create Submodel |
Create Submodel | |
|
Delete Submodel |
Delete Submodel | |
|
Physical SubModel |
Add Member |
Submodel Editor: Add to Submodel |
|
Remove Member |
Submodel Editor: Remove from Submodel Delete: Table from Submodel, View from Submodel, Relationship from Submodel, View Relationship from Submodel, Schema Object from Submodel | |
|
Update Display Properties |
Move/Resize: Entity/Table, View, Title Block, Text Block, Physical Schema Object Color/Font Changes: Entity/Table, View, Title Block, Text Block, Relationship Line, Physical Schema Object Move: Relationship Line, View Relationship Line Create/Modify/Delete: Text BlockChange Notation, Perform Layout, Zoom, Align Objects | |
|
Data Flow Model |
Create Data Flow Object |
Create: Data Flow, Data Lineage Component, Data Stream, Source |
|
Update Data Flow Object |
Edit Data Flow, Object, Transformation, Data Stream, Source | |
|
Delete Data Flow Object |
Delete: Data Flow, Data Lineage Component, Transformation, Data Stream Note: Deleting a table\entity component from the Data Lineage window does not delete the table\entity from the model. Note: The user must have permission to delete the diagram in order to update data flow objects in the diagram. | |
|
Data Flow Display |
Update Display Properties |
Move/Resize: Transformation, Component, Data Flow Color/Font Changes: Data Lineage Background, Component, Transformation, Data Stream Diagram And Object Display Options: Change any option in this dialog to control how the data lineage diagram displays.Perform Layout, Zoom, Align Objects, Layout Data Stream, Straighten Data Stream, Remove All Bends |
Assigning a Role to a User/Group
Assigning a role to a user/group grants the user/group all the permissions selected in the role.
- Choose Repository > Security > Security Center.
- Select a Repository item you want to assign permissions to.
- If the user/group is not currently assigned a role, on the Repository Security tab, click the user name in the Available Users column and drag it onto a role name in the Available Roles column.
- If the user/group was already assigned a role, on the Repository Security tab, click the user/group name the Available Roles column and drag it onto another role name in the Available Roles column.
- Click Apply and then click OK to exit the Security Center.
- Notify users/group members that they must log out and then log in again to receive the security updates.