Defining Group Rules

You manage the user groups of your models in the central group list. Here, you make the general settings for users (as group members) and manage project-related groups.

Central Group List

User groups group users with certain common factors, e.g. with the same tasks or responsibilities.

In the Groups tab, define groups that are characterized by the assignment of certain rules for logging-in to models or logging-in to model servers as a repository administrator All group members already possess rules via their affiliation to a group in this case. In exceptional cases, you define the individual rules for users.

The groups in the Innovator user management can be synchronized with user groups of external user configurations.

User groups of external user configurations can be assigned to an Innovator group. You can also assign users and other Innovator groups as members.

If the user management of your network uses the Lightweight Directory Access Protocol (LDAP), you can load groups and their members from this source. All groups imported from LDAP are indicated by an icon in the column.

All members of a group can be assigned the Manage Users and Manage Environment rights. To do this, select a group in the Groups table and select Users>Edit>Properties (Enter).

You can create rules for a group. To do so, select a group and select the corresponding rules using Users>New >...

 Login Rule

 Model Admin Rule

 Model Server Rule

 Version Rule

Note

Please bear the information about rule evaluation in mind when creating rules and defining their order.

General Procedures in Tables

Prerequisites

Commands in a table take effect exclusively with a corresponding selection of one or more entries in this table.

Context

Purpose, Initial Selection and Shortcut Keys Go to Target

Purpose: Go to the selected rule in the Groups or Users tab

Selection: group or user rule

Command: Go to User/Group (Ctrl+M)

Rule in the relevant rule table in the Groups or Users tab

The corresponding group or user is selected in the Groups or Users table.

Purpose: go to the rule in the Groups or Users tab that excludes the rule that cannot be reached

Selection: rule that cannot be reached of a group or user

Command: Go to excluding rule (Shift+Ctrl+M)

Rule that excludes the rule that cannot be reached in the corresponding rule table in the Groups or Users tab

The corresponding group or user is selected in the Groups or Users table.

Purpose: go to the group or user in the Members table of the higher-level group

Selection: higher-level group of a group or user in the Assigned to Groups table

Command: Go to User/Group (Ctrl+M)

Group or user in the Members table in the Groups tab

The corresponding higher-level group is selected in the Groups table.

Selection: higher-level group of a group or user in the Assigned to Groups table

Selection: user or group in the Members table

Command: Go to User/Group (Ctrl+M)

Higher-level group of the group or user in the Assigned to Groups table in the Groups or Users tab

The corresponding group is selected in the Groups table or the corresponding user is selected in the User table.

Context

You can change the size of tables in the dialog by moving the separators.

The table separators can be controlled using the mouse and, if the table separator is in focus, using the keyboard arrow keys.

How to proceed

  1. To change the size of a table within the dialog with the mouse, click on the table separator and move it.

    The mouse pointer is displayed as a horizontal or vertical double arrow in accordance with the possible movement directions.

  2. To change the size of a table within the dialog with the keyboard, use the (Nicht definierte Variable:UIVar_Menu.KeyTab) key to set the focus on the table separator and then move this using the arrow keys.

    The column separator is indicated by the dotted focus frame.

Prerequisites

Sorting by column contents is only possible in tables without a relevant order, i.e. not in rule tables.

Context

Sorting enables the display and grouping of entries in accordance with the column contents in order to find certain entries more quickly.

You can sort sortable tables by one or more columns.

How to proceed

  1. To sort a table by a column, click on its column header. To reverse the sort order, click again.

    Entries are alphabetically sorted according to column content. An existing multiple selection is retained.

  2. To sort a table by multiple columns, click on the column header of the column with the primary sorting, keep the [Shift] key pressed, and then click the column headers of the columns to be used for secondary sorting.

    Secondary sorting is applied to the entries in accordance with the column contents.

Context

Filtering restricts the displayed entries so that certain entries can be found more quickly.

Case sensitivity is not relevant for filtering.

In front of the filter field, you are told how many entries of the total number of entries are still displayed when the filter is applied.

How to proceed

  1. To restrict the displayed entries, enter characters that occur in the entries you are looking for into the <Filter> field.

    The entries are restricted accordingly and the number of remaining entries is displayed in front of the filter field.

  2. To remove the filter, click on Reset.

    All entries are displayed again.

Supported Procedures in the Groups Table

Prerequisites

You can only change the name and domain for a manually created Innovator group.

Context

In addition to being transferred from an external user configuration, groups can also be included in the group list manually.

You use manually created groups to merge groups or to group users by project.

How to proceed

  1. To create a group, select Users>New>Group (Ctrl+Shift+G).

  2. To change a group, select the group and select Users>Edit>Properties (Enter).

    A dialog appears.

  3. Enter the name of the group in the system in the Name field.

  4. Enter the group's Windows domain in the system in the Domain field.

  5. Activate the check box with the same name to assign the Manage Users right to all users in the group.

  6. Confirm with OK.

Context

You can delete groups from the central groups list.

Attention

Note that groups are for the basic definition and organization of rules. The deletion of groups can mean that users are no longer able to log-in.

The deletion of LDAP groups has no effect on the external user management.

How to proceed

  1. Select the group which you wish to delete in the Groups table.

  2. Select Users>Edit>Delete (Del).

    A confirmation dialog appears.

  3. Confirm the security question with OK or cancel with Cancel.

Supported Procedures in Group Details

The details for the selected group are shown in the Groups tab on the right-hand side.

Context

You create certain rules for logging-in to models as user groups. All group members already possess rules via their affiliation to a group in this case.

Login rules for groups define which roles are available for members of the group when they log-in to a model as long as these roles are configured in the user management of the model.

In each case, you use a name or pattern to define which roles should be available to members of the group for which project license servers, repositories and models. Only the asterisk (*) is available for the formulation of patterns. You use precise specifications about project license servers, repositories and models to restrict the applicability of the rule.

Attention

Please note that a newly created rule initially gives the group members unrestricted access to all models, since the asterisk is the default setting for the drop-down lists.

Note

Please note that due to the rule evaluation steps, the order of rules with an overlapping applicability is decisive and that direct user rules always take priority over group rules.

How to proceed

  1. Select the group you want to create or edit a rule for in the Groups tab.

  2. Select Users>New>Login Rule (Ctrl+Shift+L) to create a login rule.

    A dialog appears.

  3. To change a login rule, select the login rule and select Users>Edit>Properties (Enter).

    A dialog appears.

  4. To define a rule that allows access, select the Rule grants access entry in the Access drop-down list.

  5. To define a rule that excludes access, select the Rule denies access entry in the Access drop-down list.

    A sensible exclusion rule requires a corresponding, accessible enabling rule for the entry in another group.

  6. In the other drop-down lists, use a name or pattern to define which roles should be available to members of the group for which project license servers, repositories and models.

  7. Confirm the selection with OK.

    You have defined a login rule. Then arrange the rules correctly in the order of the login rules.

Context

You create certain rules for logging-in to models as an administrator for user groups. All group members already possess rules via their affiliation to a group in this case.

Model administrator rules define whether group members can log-in to a model as a model administrator. The Rule does only apply for API option can define that this can take place only via plug-ins.

In each case, you use a name or pattern to define the project license servers, repositories and models which logging-in as a model administrator should be possible for. Only the asterisk (*) is available for the formulation of patterns. You use precise specifications about project license servers, repositories and models to restrict the applicability of the rule.

Attention

Please note that a newly created rule initially gives the group members unrestricted access as model administrator to all models, since the asterisk is the default setting for the drop-down lists.

Note

Please note that due to the rule evaluation steps, the order of rules with an overlapping applicability is decisive and that direct user rules always take priority over group rules.

How to proceed

  1. Select the group you want to create or edit a rule for in the Groups tab.

  2. To create a model administrator rule, select Users>New>Model Admin Rule (Ctrl+Shift+A).

    A dialog appears.

  3. To change a model administrator rule, select the login rule and select  Users>Edit>Properties (Enter).

    A dialog appears.

  4. To define a rule that allows access, select the Rule grants access entry in the Access drop-down list.

  5. To define a rule that excludes access, select the Rule denies access entry in the Access drop-down list.

    A sensible exclusion rule requires a corresponding, accessible enabling rule for the entry in another group.

  6. In the drop-down lists, use a name or pattern to define the project license servers, repositories and models which logging-in as a model administrator should be allowed or excluded for.

  7. Confirm the selection with OK.

    You have defined a model administrator rule. Then arrange the rules correctly in the order of the model administrator rules.

Context

You create certain rules for executing administrative tasks for the model server for group users. All group members already possess rules via their affiliation to a group in this case.

Model server rules are used to determine whether or not a user can carry out administrative tasks and in which single sign-on data repositories.

Model server rules control authorizations for the following actions:

  • Log-in as repository administrator (no password required)
    • Start and close a model server (also using the command line)
    • Login, rename, copy, export or delete models
    • Manage logins to repository models

In each case, you use a name or pattern to define the project license servers and repositories which administrative tasks are allowed or excluded for. Only the asterisk (*) is available for the formulation of patterns. You use precise specifications about project license servers and repositories to restrict the applicability of the rule.

Attention

Please note that a newly created rule initially gives the group members unrestricted access to all repositories, since the asterisk is the default setting for the drop-down lists.

Note

Please note that due to the rule evaluation steps, the order of rules with an overlapping applicability is decisive and that direct user rules always take priority over group rules.

How to proceed

  1. Select the group you want to create or edit a rule for in the Groups tab.

  2. To create a model server rule, select Users>New>Model Server Rule (Ctrl+Shift+S).

    A dialog appears.

  3. To change a model server rule, select the model server rule and select Users>Edit>Properties (Enter).

    A dialog appears.

  4. To define a rule that allows access, select the Rule grants access entry in the Access drop-down list.

  5. To define a rule that excludes access, select the Rule denies access entry in the Access drop-down list.

    A sensible exclusion rule requires a corresponding, accessible enabling rule for the entry in another group.

  6. In the other drop-down lists, use a name or pattern to define the project license servers and repositories which administrative tasks are allowed or excluded for.

  7. Confirm the selection with OK.

    You have defined a model server rule. Then arrange the rules correctly in the order of the model server rules.

Context

You create certain rules for user groups for executing administrative tasks for the managed models. All group members already possess rules via their affiliation to a group in this case.

Version rules are used to determine whether and in which managed models a user can carry out administrative tasks.

Version rules control authorizations for the following actions:

  • Login as administrator for managed models (no password required)
  • Create managed models
  • Create, manage and back-up model versions
  • Manage logins to model versions

In each case, you use a name or pattern to define the project license servers and models which administrative tasks are allowed or excluded for. Only the asterisk (*) is available for the formulation of patterns. You use precise specifications about project license servers and models to restrict the applicability of the rule.

Attention

Please note that a newly created rule initially gives the group members unrestricted access to all managed models, since the asterisk is the default setting for the drop-down lists.

Note

Please note that due to the rule evaluation steps, the order of rules with an overlapping applicability is decisive and that direct user rules always take priority over group rules.

How to proceed

  1. Select the group you want to create or edit a rule for in the Groups tab.

  2. To create a model server rule, select Users>New>Version Rule (Ctrl+Shift+V).

    A dialog appears.

  3. To change a model server rule, select the model server rule and select Users>Edit>Properties (Enter).

    A dialog appears.

  4. To define a rule that allows access, select the Rule grants access entry in the Access drop-down list.

  5. To define a rule that excludes access, select the Rule denies access entry in the Access drop-down list.

    A sensible exclusion rule requires a corresponding, accessible enabling rule for the entry in another group.

  6. In the other drop-down lists, use a name or pattern to define the project license servers and repositories which administrative tasks are allowed or excluded for.

  7. Confirm the selection with OK.

    You have defined a model server rule. Then arrange the rules correctly in the order of the model server rules.

Context

The order of the rules is relevant for the evaluation and effectiveness of the rules.

How to proceed

  1. Select the rule whose order you want to change in the rule table.

  2. Move the rule using the shortcut [Ctrl]+[(Nicht definierte Variable:UIVar_Menu.KeyUp)] or [Ctrl]+[(Nicht definierte Variable:UIVar_Menu.KeyDown)] or with the  (Nicht definierte Variable:UIVar_Menu.KeyUp) or  (Nicht definierte Variable:UIVar_Menu.KeyDown) buttons.

    The order is effective in that the first hit is always used for a user.

    Rules that cannot currently be reached through the order and are thus ineffective are indicated in the reachable columns with the warning triangle .

Context

Rules can be deleted. The deletion must be confirmed.

How to proceed

  1. Select the rule that you want to delete in the rule table.

  2. Select Delete (Del).

  3. Confirm the security question with Yes or cancel with No.

Prerequisites

A group can be assigned only to the groups that do not originate from an external user management.

Context

You can assign a group to other groups. For a selected group, the Assigned to Groups table displays the groups which the user is assigned to.

The rules of the higher-level group apply to the members of the group as a result of the assignment.

How to proceed

  1. In the Groups table, select the group which you want to change assignment for.

  2. Select Edit>Assign Groups.

    The assignment dialog appears, listing all manually created groups.

  3. Activate the check boxes of the groups to which you want to assign the selected group.

  4. Confirm the assignment with OK.

    You have assigned the selected group to one or more groups, and in doing so transferred the applicable rules for the members in question.

Prerequisites

Groups and users can only be assigned as members to the groups that do not originate from an external user management.

Context

You can assign users or other groups to a manually created group. For a selected group, the Members table displays the groups and users assigned to the group as members.

The rules of the group also apply to its members as a result of the assignment.

How to proceed

  1. In the Groups table, select the manually created group whose member assignment you want to edit.

  2. Select Edit>Assign Members.

    The assignment dialog appears, listing all groups (except for the selected group) and users.

  3. Activate the check boxes of the groups and users that you want to assign as members.

  4. Confirm the assignment with OK.

    You have assigned members to the selected group, thus transferring the rules of the group for the members.

Related Topics Link IconRelated Topics