Configuring User Rules

You can manage the user root for your models in the central user list. You can make individual settings for users here.

Central User List

Maintain Innovator's central user list in the tab.

Normally, you transfer and update the users and their data from an external user configuration, e.g. via the Lightweight Directory Access Protocol (LDAP) from a network or subscription server, preferably using groups. Users imported from LDAP can be identified by an icon in the LDAP column .

When using single sign-on, only the users from the which are also permitted in and .

The user does not necessarily have to exist in the model. If needed, they are created upon login in the model.

Users can be assigned the and rights. To do this, select a user in the table and select .

You can create rules for a user. To do so, select a user and select the corresponding rules using >....

Please bear the information about rule evaluation in mind when creating rules and defining their order. Rules that were created directly for a user are used with priority. Group rules with the same applicability then have no effect.

General Procedures in Tables

Shortcut Keys

Commands in a table take effect exclusively with a selection of one or more entries in this table.

Purpose, Initial Selection and Shortcut Keys "Go to" target

Purpose: Go to the selected rule in the Groups or Users tab

Selection: group or user rule

Command: Go to User/Group (+M)

Rule in the relevant rule table in the Groups or Users tab

The corresponding group or user is selected in the Groups or Users tab.

Purpose: go to the rule in the Groups or Users tab that excludes the rule that cannot be reached

Selection: rule that cannot be reached of a group or user

Command: Go to excluding rule (++M)

Rule that excludes the rule that cannot be reached in the corresponding rule table in the Groups or Users tab

The corresponding group or user is selected in the Groups or Users tab.

Purpose: go to the group or user in the Members table of the higher-level group

Selection: higher-level group of a group or user in the Assigned to Groups table

Command: Go to User/Group (+M)

Group or user in the Members table in the Groups tab

The corresponding higher-level group is selected in the Groups tab.

Selection: higher-level group of a group or user in the Assigned to Groups table

Selection: user or group in the Members table

Command: Go to User/Group (+M)

Higher-level group of the group or user in the Assigned to Groups table in the Groups or Users tab

The corresponding group is selected in the Groups table or the corresponding user is selected in the User table.
Changing the Table Size

You can change the size of tables in the dialog by moving the separators.

The table separators can be controlled using the mouse and, if the table separator is in focus, using the keyboard arrow keys.

  1. To change the size of a table within the dialog with the mouse, click on the table separator and move it.

    The mouse pointer is displayed as a horizontal or vertical double arrow in accordance with the possible movement directions.

  2. To change the size of a table within the dialog with the keyboard, use the key to set the focus on the table separator and then move this using the arrow keys.

    The column separator is indicated by the dotted focus frame.
Sorting Tables
Filtering Tables

Supported Procedures in the Users Table

Creating or Changing Users

You can only change the system login, domain and user name in the model for a manually created user.

In addition to being transferred from an external user configuration, users can also be included in the user list manually.

You use manually created users to e.g. provide users with rules for Linux servers.

  1. To create a user, select .

  2. To change a user, select the user and then select .

    A dialog appears.

  3. Enter the name of the user in the system in the field.

  4. Enter the user's Windows domain in the system in the field.

  5. Enter the e-mail address of the user to be primarily used for the notification service in the field.

  6. Enter the display name used for the user login in the models in the field.

  7. Enter the language the notofication service e-mails should be sent in in the field.

    The entry in the field can also be modified for multiple selection of users.

  8. Activate the check box with the same name to assign the status to the user.
Deleting Users

You can delete users from the central user list.

Note that users can come from an LDAP server and might reappear in the user list as a result of the synchronization.

The deletion of LDAP users has no effect on the external user management.

  1. Select the users which you wish to delete in the table.

  2. Select .

    A confirmation dialog appears.

  3. Confirm the security question with or cancel with .

Supported Procedures in User Details

The details for the selected user are shown in the tab on the right-hand side.

Creating or Changing Login Rules

In exceptional cases, you create individual rules for logging into models for specific users. As a group member, a user normally already has rules as a result of their affiliation to a group.

Login rules for users define which roles are available for users when they log into a model as long as these roles are configured in the user management of the model.

In each case, you use a name or pattern to define which roles should be available to users for which project license servers, repositories and models. Only the asterisk (*) is available for the formulation of patterns. You use precise specifications about project license servers, repositories and models to restrict the applicability of the rule.

Please note that a newly created rule initially gives the user unrestricted access to all models, since the asterisk is the default setting for the drop-down lists.

Please note that due to the rule evaluation steps, the order of rules with an overlapping applicability is decisive and that direct user rules always take priority over group rules.

BEISPIELE?

  1. Select the user you want to create or edit a rule for in the Users tab.

  2. Select to create a login rule.

    A dialog appears.

  3. To change a login rule, select the login rule and select .

    A dialog appears.

  4. To define a rule that allows access, select the entry in the drop-down list.

  5. To define a rule that excludes access, select the entry in the drop-down list.

    A sensible exclusion rule requires a corresponding, accessible enabling rule for the user in a group.

  6. In the other drop-down lists, use a name or pattern to define which roles should be available to members of the group for which project license servers, repositories and models.

  7. Confirm the selection with .

    You have defined a login rule. Then arrange the rules correctly in the order of the login rules.
Creating or Changing Model Administrator Rules

You create certain rules for logging into models as an administrator for users. As group members, users might already have corresponding rules via their affiliation to a group.

Model administrator rules define whether users can log into a model as a model administrator. An option can define that this can take place only via plug-ins.

In each case, you use a name or pattern to define the project license servers, repositories and models which logging-in as a model administrator should be possible for. Only the asterisk (*) is available for the formulation of patterns. You use precise specifications about project license servers, repositories and models to restrict the applicability of the rule.

Please note that a newly created rule initially gives the user unrestricted access as model administrator to all models, since the asterisk is the default setting for the drop-down lists.

Please note that due to the rule evaluation steps, the order of rules with an overlapping applicability is decisive and that direct user rules always take priority over group rules.

BEISPIELE?

  1. Select the user you want to create or edit a rule for in the Users tab.

  2. To create a model administrator rule, select .

    A dialog appears.

  3. To change a model administrator rule, select the login rule and select  .

    A dialog appears.

  4. In the drop-down lists, use a name or pattern to define the project license servers, repositories and models which logging-in as a model administrator should be allowed or excluded for.

  5. Confirm the selection with .

    You have defined a model administrator rule. Then arrange the rules correctly in the order of the model administrator rules.
Creating or Changing Model Server Rules

You create certain rules for executing administrative tasks for the model server. As group members, users might already have corresponding rules via their affiliation to a group.

Model server rules are used to determine whether or not a user can carry out administrative tasks and in which single sign-on data repositories.

Model server rules control authorizations for the following actions:

  • Log-in as repository administrator (no password required)
  • Start and close a model server (also using the command line)
  • Login, rename, copy, export or delete models
  • Manage logins to repository models

In each case, you use a name or pattern to define the project license servers and repositories which administrative tasks are allowed or excluded for. Only the asterisk (*) is available for the formulation of patterns. You use precise specifications about project license servers and repositories to restrict the applicability of the rule.

Please note that a newly created rule initially gives the user unrestricted access to all repositories, since the asterisk is the default setting for the drop-down lists.

Please note that due to the rule evaluation steps, the order of rules with an overlapping applicability is decisive and that direct user rules always take priority over group rules.

BEISPIELE?

  1. Select the user you want to create or edit a rule for in the Users tab.

  2. To create a model server rule, select .

    A dialog appears.

  3. To change a model server rule, select the model server rule and select .

    A dialog appears.

  4. In the other drop-down lists, use a name or pattern to define the project license servers and repositories which administrative tasks are allowed or excluded for.

  5. Confirm the selection with .

    You have defined a model server rule. Then arrange the rules correctly in the order of the model server rules.
Creating or Changing Version Rules

You create certain rules for executing administrative tasks for the managed models. As group members, users might already have corresponding rules via their affiliation to a group.

Version rules are used to determine whether and in which managed models a user can carry out administrative tasks.

Version rules control authorizations for the following actions:

  • Login as administrator for managed models (no password required)
  • Create managed models
  • Create, manage and back-up model versions
  • Manage logins to model versions

In each case, you use a name or pattern to define the project license servers and models which administrative tasks are allowed or excluded for. Only the asterisk (*) is available for the formulation of patterns. You use precise specifications about project license servers and models to restrict the applicability of the rule.

Please note that a newly created rule initially gives the user unrestricted access to all managed models, since the asterisk is the default setting for the drop-down lists.

Please note that due to the rule evaluation steps, the order of rules with an overlapping applicability is decisive and that direct user rules always take priority over group rules.

BEISPIELE?

  1. Select the user you want to create or edit a rule for in the tab.

  2. To create a model server rule, select .

    A dialog appears.

  3. To change a model server rule, select the model server rule and select .

    A dialog appears.

  4. In the other drop-down lists, use a name or pattern to define the project license servers and repositories which administrative tasks are allowed or excluded for.

  5. Confirm the selection with .

    You have defined a model server rule. Then arrange the rules correctly in the order of the model server rules.
Moving Rules

The order of the rules is relevant for the evaluation and effectiveness of the rules.

  1. Select the rule whose order you want to change in the rule table.

  2. Move the rule using the shortcut []+[] or []+[] or with the   or   buttons.

    The order is effective in that the first hit is always used for a user.

    Rules that cannot currently be reached through the order and are thus ineffective are indicated in the columns with the warning triangle .
Deleting Rules

Rules can be deleted. The deletion must be confirmed.

  1. Select the rule that you want to delete in the rule table.

  2. Select  .

  3. Confirm the security question with or cancel with .
Assigning Users to Innovator Groups

A user can be assigned only to the groups that do not originate from an external user management.

You cannot remove an assignment to an LDAP group.

You can assign users to manually created groups. For a selected user, the table displays the groups which the user is assigned to.

As a result of the assignment, the rules of the group are evaluated for the user, too, unless direct user rules are found for the relevant applicability.

  1. In the table, select the user which you want to change assignment for.

  2. Select & .

    The assignment dialog appears, listing all manually created groups and assigned LDAP groups.

  3. Activate the check boxes of the groups to which you want to assign the selected user.

  4. Confirm the assignment with .

    You have assigned the selected user to one or more groups, thus transferring the applicable rules for the user in question.