Understanding Roles in Models

Analyzing and designing structures and flows using models is a work-sharing process carried out by experts in various specialist areas. So that everyone can work securely within a defined environment, Innovator offers role-based authorization management.

Roles in Work-Sharing Processes

Analyzing and designing structures and flows using models is a work-sharing process carried out by experts in various specialist areas. Roles can be used to make sure that the various different people are working in a defined environment. The respective user can use a role so that they have authorization in a modeling tool; this role provides the user with functions and model views tailored towards their needs.

Roles ensure that a user has certain basic rights, e.g. the privilege to configure a model. Assigning a role to special functions allows for execution rights and differentiations between roles. Access rights enable the editing of model elements. The restriction of read permission by the model administrator is a reason for the use of certain model views.

Users and Roles

Users can access model data if they are logged-in to the model and if read right has not been restricted by the model administrator.

Access changes to a model's data are controlled via a multi-level, role-based rights system.

To have access to the contents of a model, you must be logged-in to the model with a user name. This applies both for if you want to have read-only rights or wish to make modifications.

Innovator always has two standard users that exist in each model:

  • The standard user model administrator has all rights for use and configuration of the model.

    A normal user can switch to administrator mode and use the administrator's rights without having explicitly having to log out and log back in as a model administrator.

  • The standard Guest user only has read-only rights and no further rights.

    Multiple users can log-in to the model as guest. Model login as guest is deactivated by default so that the normal user only sees models which they can log-in to to make changes.

    As a guest, you can read the model without the risk of changing something accidentally. You must select a different user to work in the model.

    Note

    The standard Guest user has read rights corresponding to the intersection of user rights for all roles in the model, so to the packages for which all roles have read rights. This might mean that a guest can only see the root node of the model.

    Restriction

    As a guest, you cannot use the following functions, since you only have read rights:

    • Export to other formats (XMI, BPMN, Bpanda)
    • Creating annotations in diagrams
    • Generating documentation
    • Verifying models

    However, you can print diagrams and open attachments in order to read them.

The Role Concept in Innovator

Each user can be assigned either no, one or multiple roles in Innovator.

Note

Apart from the standard users, model administrator and guest, all other users in Innovator must be assigned a role to be able to login to a model.

The role currently used by a user must give them appropriate rights so that they can perform the following tasks:

  • View a package (part of a model; unrestricted read right for the package)
  • Execute a menu command which is based on a create template, a verification routine, an engineering action or a documentation command (execution right)
  • Use certain procedures (privileges for configuration, labels, annotations etc.)

The user can temporarily use read/execution/access rights for all roles assigned to them.

One of the user's assigned roles must have the access right so that they can modify a model element (access right to this element).

User role assignment is set in the user administration.

  • This is only set centrally with login rules for groups and users for models in single sign-on repositories. However, roles that should be used in a model need to be manually created for each model. A normal user cannot login to the model unless that have at least one role with the same name in the model.

    Note

    Please note that the model templates included within the scope of delivery already contain roles (and authorizations) in the profiles as standard. You should use these in the central user administration.

  • Users and roles and their assignments are always managed locally for models in non-single sign-on repositories.

    Please note that the model templates included within the scope of delivery already contain roles (and authorizations) in the profiles as standard.

Roles in Models

Models themselves are also involved in work-sharing processes and structures and organized in them i.e. also have roles.

Roles are characterized in various different ways. Differentiating external users of a system into actors (in a use case diagram) is a way of describing roles, such as role description for classes in an association (in a class diagram) or role description for a collaboration participant (in the BPMN diagram).

The role always shows the relevant properties of those involved in a system.

Related Topics Link IconRelated Topics