Creating and Managing Groups

Go Up to Establishing Security for the Repository

Groups make it easier to handle permissions in the Repository Security Center. You can assign roles to a group at the Repository, Project, and Diagram levels, and then add or remove users from the group to apply the settings to the user quickly and easily.

You can create groups in the following ways:

• Create a group in the Repository Security Center, and then manually add users.
• Create a group with the same name as an LDAP/Active Directory group, and any LDAP/Active Directory users that are added to the Repository would automatically be members of that group based on the LDAP/Active Directory settings.

Create, Update, and Delete Group

To create a group

1. Select Repository > Security > Security Center.
2. On the Manage Groups tab, click New.
3. Provide a name for the group and optionally, a description of the group.
4. If you want to create a group based on an LDAP/Active Directory group, click Directory Service Group. Note that an option becomes available at the bottom of the dialog for you to Create Repository Users for all members of this Directory Service Group'. If you select this option, then repository users in this group are automatically added to the list of Repository users. If you do not select this option, then you must create the users manually. As you add LDAP/Active Directory Service users, they are added to the Repository groups that correspond to the LDAP/Active Directory Service groups of which they are members.

If you want to manually populate the group, do not select Directory Service Group, from the list of Available Users, but rather select the group members by Ctrl-clicking each user, or click the double right-facing arrow to select all the users. You can also remove group members by clicking the left-facing arrow.

To edit a group

1. On the Manage Groups tab, select the group, and then click 'Edit.
2. Make the necessary changes, and then click OK.

To delete a group

• On the Manage Groups tab, select the group, and then click Delete.

Deleting a group does not delete the group members but the group members no longer have the permissions afforded to them by the group membership.

Assigning a Role to a Group

Assigning a role to a group grants the group all the permissions selected in the role.

To assign a role to a group

1. Select Repository > Security > Security Center.
2. Select the Repository item to which you want to assign permissions.
3. If the group is not currently assigned a role, on the Repository Security tab, click the group name in the Available Users column, and then drag it onto a role name in the Available Roles column.

   If the group is already assigned a role, on the Repository Security tab, click the group name in the Available Roles column, and then drag it onto another role name in the Available Roles column.

4. Click Apply, and then click OK.
5. Notify users in the group that they must log out and then log in again to receive the security updates.

Granting and Prohibiting User Access to Repository Items

On the Repository Security tab of the Security Center, users with the appropriate privileges can assign other users the appropriate access privileges for different objects, granting them permission to perform specific operations on a Repository item and prohibiting them from performing other operations on the same object. You can assign the access privileges of a role to individual users or to an entire group.

Assigning Users/Groups Roles for Accessing Repository Items

To assign users or group roles

1. Log in to the Repository.
2. Select Repository > Security > Security Center.
3. On the Manage Roles tab, explore the available roles to determine if an existing role provides the access you want to grant the user. If necessary, create a new role with the appropriate permissions.
4. On the Manage Groups tab, explore the available groups to determine if an existing group encompassed the users you want to authorize. You can double click the name of a group to see the members of the group in the Edit Repository Group dialog. If necessary, create a new group. Assigning a role to a group is more efficient than assigning the role to the users one at a time.
5. On the Repository Security tab, view the Repository Object area, and then select the Repository item (diagram, object, submodel, data flow, transformation, or data dictionary) to which you want to grant or prohibit access.
6. In the Available Users area, select a group or user to which you want to assign the role to the selected object, and then drag it onto the appropriate role in the Available Roles area.
7. To remove the role assignment of a user/group to a Repository item, click the Repository item, and then drag the user/group name from under that role onto another role in the Available Roles area or back onto the Available Users list.

Note:

• All permissions available to a user through direct assignment to roles are added to the permissions available to any groups of which the user is a member. Permissions are additive, so the user gets all the permissions assigned to the user whether they were assigned through a group or directly to the user.
• A user or group can only have one role for each object. But a user or group can have different roles for different objects.
• If a user is listed in the Available Users area, but is unselectable, that user account is deactivated and must be reactivated before you can modify the user.

Prevent Users from Accessing Specific Repository Items

The system-defined No Access role prevents a user from accessing selected projects or diagrams.

To apply the No Access role to a user

1. Log in to the Repository.
2. Select Repository > Security > Security Center.
3. In the Repository Object area, navigate to and then click to select a project or diagram you want to secure from specific users.
4. From the list of users in the Available Users area, click a user name or use CTRL-click several names to select, and then drag the users onto the No Access role in the Available Roles area.
5. Repeat these previous steps as required to secure other diagrams and projects.
6. Click Apply, continue changing security settings if required, and then click OK to exit the security center.

Note: If a user is assigned the No Access role for an object, but that user is a member of a group with permissions for the object, then the user has all permissions assigned to the group. All permissions available to a user through direct assignment to roles are added to the permissions available to any groups of which the user is a member. Permissions are additive, so the user gets all the permissions assigned to the user whether they were assigned through a group or directly to the user.

Change User/Group Access to Repository Items

To change user/group access to Repository items

• Change the permissions of the role the user/group has for the Repository item or assign another role to the user/group for that particular Repository item. If required, you can force the user log out on the Manage Users tab of the Security Center, and then change the user's access privileges.

See Also

• Creating and Managing Roles
• Creating and Managing Users