Define ARM user roles
ARM provides different user role types (from left to right):
- 2 Administrator-roles
- 5 Change-roles
- 1 Read only-role
- 1 Manager Role
- 1 Requester Role
The Manager Role can not be assigned by the ARM user management. It is assigned by the AD attribute "Manager".
You can change the name of the role by clicking on the pen icon.
Only the first administrator role (left column) can use the user management.
Use the "check box matrix" to determine which role can use which views and functions.
Unlicensed views and features are grayed out (8MAN licensing model only).
Use the filter to quickly find the desired option.
Please note that certain functions require specific access and views. For example the functionality "reset user password" requires either the "Accounts" or the "Resource" view.
The changes take effect immediately without requiring users to log in again.
Simplified rights management
- With simplified user management, the user is not able to see specific details when managing permissions. This option is suitable for Data Owners that are not very technical.
Limitations of simplified rights management
- The group wizard creates groups and members. The group wizard must be activated when using simplified user management. It is possible to enable this option with deactivated group wizard, however an error message will be shown.
- The option "apply to all" is not available in the group wizard, meaning that existing direct access rights can not be turned into group memberships.
- The detailed list of planned changes is hidden.
- Only the content of ARM groups is displayed. Existing access rights (direct or via other non-ARM groups) as well as "Applies to" information (propagation) is hidden.