
Roles and Authorizations

Analyzing and designing structures and flows using models is a work-sharing process carried out by experts in various specialist areas. So that everyone can work securely within a defined environment, Innovator offers role-based authorization management.

Understanding Roles in Models

Roles in Work-Sharing Processes

Analyzing and designing structures and flows using models is a work-sharing process carried out by experts in various specialist areas. Roles make sure that these different people each work in a defined environment. A user works in the modeling tool under a role that carries their privileges; this role provides the user with functions and model views tailored to their needs.

Roles ensure that a user has certain basic rights, e.g. the right to configure a model. Assigning roles to special functions provides execution rights and differentiates between roles. Assigning access rights authorizes the use of certain model views.

Users

Users can always have read access to model data when they are logged into the model.

Modifying access to a model's data is controlled by a multi-stage, role-based permission system.

To gain access to the contents of a model, you must log in to the model with a user name. Initially it does not matter whether you want only to read the model data or also to change it.

A password can be associated with each user to protect access to the model.

Innovator always manages two default users that are present in each model:

  • The standard user Model Administrator has all rights for use and configuration of the model. Therefore this user should always have a password.

  • The standard user Guest has only the "read-only right" and no further rights. Guest is the only user who can log in to the model more than once. The read permission can be restricted by the model administrator.

    As a guest you can read the model without the risk of changing something accidentally. You must select a different user to work in the model.

The Role Concept in Innovator

Each user can be assigned no role, one role or multiple roles in Innovator. The model administrator sets a user's role assignment in the user administration.

Note:

Apart from the standard users Model Administrator and Guest, all other users in Innovator must be assigned a role to be able to log in to a model.

The role currently used by a user must give them the appropriate rights so that they can

  • change a model element (access right to this element)
  • execute a menu command which is based on a create template, a verification routine, an engineering action or a documentation command (execution right)
  • use certain procedures (privileges for labels, annotations etc.)

Authorizations in Innovator

Access Rights for Single Elements

Access rights for one or various roles can be assigned for each individual model element.

A user can only change an element if their currently used role has the access right to that element. You require appropriate privileges for certain procedures (see below).

The following rules apply when granting or withdrawing access rights to elements.

  • The model administrator always has all privileges and access rights.

  • The model administrator can grant and withdraw access rights for all elements.

  • Only the model administrator can withdraw access rights.

  • If a user creates an element, the role with which the user is logged in gets the access right to this element.

  • If a user has the access right to an element in their currently used role, then they can grant access rights to the element to all of their roles.
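The rules above can be checked against a small model. This is an added example, not Innovator code or API; the names `Session` and `ElementAccess`, the user names and the role names are hypothetical, and execution rights for creating elements are left out.

```python
from dataclasses import dataclass
from typing import Optional

ADMIN = "Model Administrator"  # standard user named on the page


@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset                    # every role assigned to the user
    current_role: Optional[str] = None  # role chosen at login


class ElementAccess:
    """Toy store of access rights: element -> roles that may change it."""

    def __init__(self):
        self.rights = {}

    def can_change(self, s, element):
        # The model administrator always has all access rights.
        return s.user == ADMIN or s.current_role in self.rights.get(element, set())

    def create(self, s, element):
        # The creator's current role receives the access right.
        self.rights[element] = {s.current_role} if s.current_role else set()

    def grant(self, s, element, role):
        # Other users need the right in their current role and may pass it
        # on only to roles that are assigned to themselves.
        if s.user != ADMIN and not (self.can_change(s, element) and role in s.roles):
            raise PermissionError(f"{s.user} may not grant {role!r} on {element!r}")
        self.rights.setdefault(element, set()).add(role)

    def withdraw(self, s, element, role):
        # Only the model administrator can withdraw access rights.
        if s.user != ADMIN:
            raise PermissionError(f"{s.user} may not withdraw access rights")
        self.rights.get(element, set()).discard(role)


if __name__ == "__main__":
    # Constructed sample users and roles.
    alice = Session("alice", frozenset({"Analyst", "Architect"}), "Analyst")
    acl = ElementAccess()
    acl.create(alice, "Order")
    acl.grant(alice, "Order", "Architect")
    print(sorted(acl.rights["Order"]))
```
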

The existing access rights to a model element are displayed in the Properties and Info tool windows.

The Access Rights tool window view in the Model Contents tool window allows the model administrator to grant and withdraw the access right for user roles at the package level.

Restrict Read Permission in the Model

The Access Rights tool window view in the Model Contents tool window allows the model administrator to revoke and grant the read permission (visibility) at the package level for user roles. This facilitates the rough division of models: whole sections can easily be hidden for certain roles.

The tool window view appears only when logged in as Model Administrator or with temporary administrator rights.

The standard user Guest has read permission for the intersection of the read permissions of all roles in the model; that is, Guest can read only those packages for which all roles have read permission. This may mean that a guest can only see the root node of the model.
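Because Guest's view is an intersection, restricting a single role narrows what every guest sees. The following added example (not Innovator code or API) computes Guest's readable packages and names the roles that hide each package; the function names, the `ROOT` placeholder, the flat package list and the sample roles are assumptions made for illustration.

```python
ROOT = "<root>"  # placeholder for the model's root node, which Guest still sees


def guest_readable(read_perms):
    """Packages Guest can read: those readable by every role in the model."""
    if not read_perms:
        raise ValueError("this sketch needs at least one role")
    return {ROOT} | set.intersection(*(set(p) for p in read_perms.values()))


def blocking_roles(read_perms, package):
    """Roles whose missing read permission hides `package` from Guest."""
    return sorted(r for r, pkgs in read_perms.items() if package not in pkgs)


def guest_report(read_perms):
    """Map every known package to the roles that keep Guest from reading it."""
    packages = set().union(*read_perms.values())
    return {p: blocking_roles(read_perms, p) for p in sorted(packages)}


# Constructed sample: role -> packages on which the role has read permission.
SAMPLE = {
    "Analyst": {"Requirements", "Processes", "Glossary"},
    "Architect": {"Processes", "Components", "Glossary"},
    "DB Designer": {"Components", "Glossary"},
}

if __name__ == "__main__":
    print(sorted(guest_readable(SAMPLE)))
    for package, roles in guest_report(SAMPLE).items():
        print(package, "hidden from Guest by:", roles or "nobody")
    # A role that may read no package reduces Guest to the root node.
    print(guest_readable({**SAMPLE, "Reviewer": set()}))
```
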

Execution Rights

Execution rights are managed in Innovator models. Execution rights for one or various roles can be assigned for create templates, verification routines, engineering actions and documentation commands. A role can only carry out the corresponding function if it has the execution right for the element.

A user can only use the execution rights of their currently used role.

Note:

Role-based execution rights are a direct part of the model configuration and are only assigned in the configuration editor.

You require the Configurating privilege to be able to grant execution rights (see below). You must be logged in as the model administrator to be able to withdraw an existing execution right (i.e. have the Configurating privilege).

Execution rights are managed based on roles in Innovator. This makes it possible to tailor menus (ribbon and context menu) to suit individual roles and design them in a clear way.

The execution right is also used when creating new elements in selection dialogs. Only the create templates for which the user has execution rights in the currently used role are offered.

Privileges

Various processes which require special privileges can be applied to a model's elements in Innovator. The following privileges can be assigned to the user via their role.

  • Viewing Changesets privilege

    View change log with change sets for model changes

  • Annotating privilege

    Create, modify and delete annotations for diagram elements

  • Configuring Database Connections privilege

    Managing database connections (only relevant in Innovator for Database Architects)

  • Configurating privilege

    Modify configuration (profiles including verification routines and documentation) of models

  • Labeling privilege

    Assigning labels

  • Translating privilege

    Translate model elements

  • Versioning privilege

    Import elements or element groups from versioned model fragments, import and export model fragments

  • Bulk Commands privilege

    Using commands that lead to long runtimes in large models owing to high traffic, e.g. searching without element type constraint, Edit Section Exclusively, Add Contents Recursively to the result region and simultaneously modifying more than 1,000 elements in the Properties tool window.

  • Model Comparison privilege

    Comparing model elements (can lead to long runtimes in large models)

  • Dependencies Editor privilege

    Using the dependency editor (can lead to long runtimes in large models)

Each role can individually have privileges granted or withdrawn.

A user can only use the privileges of their currently used role.

Note:

The role-based privileges are granted or withdrawn in the user management only.

The user management requires model administrator rights and can be accessed from the administration program and the configuration editor.

Administrator Rights

You need administrator rights for the model to

  • Create, rename, assign or delete users or roles.
  • Delete models

You can get access rights for the model by logging in as model administrator and entering the model administrator password.

You need administrator rights for the repository to

  • Create, rename, copy, export or delete models
  • Stop logins to the repository's models

This right is only assigned and required in the administration program.

Assigning Rights as Model Administrator

If your network's user management uses the Lightweight Directory Access Protocol (LDAP), you can load the user names you require from this source.

If users and roles already exist then you, as model administrator, can assign roles in any order.

In contrast, if no information is available or this information is incomplete, proceed in this order:

  • Log in to the model with the model administrator password.
  • Create roles.
  • Grant the roles their required privileges.
  • Create user names.
  • Assign one or more roles to the user names.

Transferring Users, Roles and Rights to Other Models

You can back up user and role information and their privileges in the administration program (Administration>Manage Model>Manage Users menu item, Extended, Group Configuration File tab). This file also contains passwords for the users (apart from the administrator) and roles. You can reload the file in any other model so that it can also be made available in a new model.

 

 

© 1986-2014 MID GmbH Nuremberg Germany. DIN EN 9001 certified. All rights reserved.