Define ARM user roles
ARM provides different user role types (from left to right):
- 2 Administrator-roles
- 5 Change-roles
- 1 Read only-role
- 1 Manager Role
- 1 Requester Role
The Manager Role can not be assigned by the ARM user management. It is assigned by the AD attribute "Manager".
You can change the name of the role by clicking on the pen icon.
Only the first administrator role (leftmost column) can use the user management.
Use the "check box matrix" to determine which role can use which views and functions.
Unlicensed views and features are grayed out (legacy 8MAN licensing model only).
Use the filter to quickly find the desired option.
Please note that certain functions require specific access and views. For example the functionality "reset user password" requires either the "Accounts" or the "Resource" view.
The changes take effect immediately without requiring users to log in again.
Simplified rights management
- With the simplified rights management, certain details are hidden to simplify operation. This option is suitable for non-technical data owners.
Limitations of simplified rights management
- The Group Wizard creates groups and members. The Group Wizard must be activated when using simplified user management. It is possible to enable this option with deactivated Group Wizard, however an error message will be shown.
- The option "apply to all" is not available in the Group Wizard, meaning that existing direct access rights can not be turned into group memberships.
- The detailed list of planned changes is hidden.
- Only the content of ARM groups is displayed. Existing access rights (direct or via other non-ARM groups) as well as "Applies to" information (propagation) is hidden.