Documentation forAccess Rights Manager

Add ARM users

  1. Use the link to switch between user and role management.
  2. ARM triggers a live request to your AD when adding an ARM user. It is therefore not required to perform an AD scan prior to adding a user.

Available search options:

  • If no prefixed domain is entered in the search field, ARM reads from the domain from which the credentials originate.
  • If a domain is entered (for example: "domain2\another.user"), then ARM will search that domain.

When assigning a user to a change role - such as data owner - that user initially has access to all resources. If you want to limit their access further you must do this via the Data Owner configuration.


Once you have found the desired user you can add him via drag & drop or by double-clicking.


Use groups as ARM users

You can use AD groups as ARM users. The process is identical to adding an ARM user. Please note the following:

Nested groups

If nested group memberships should be resolved, please follow the instructions in the knowledgebase article Configure ARM for the use of nested groups in the ARM user management.

Using complex group structures will increase login time significantly.


Hierarchy of role assignments

By using groups, it is possible to assign several roles to a user. In this scenario the login mechanism verifies role columns from left to right and uses the first match. There is no combination of roles.