Documentation forAccess Rights Manager

Add ARM users

  1. Use the link to switch between user and role management.
  2. Access Rights Manager triggers a live request to your AD when adding an Access Rights Manager user. It is therefore not required to perform an AD scan prior to adding a user.

Available search options:

  • If no prefixed domain is entered in the search field, ARM reads from the domain from which the credentials originate.
  • If a domain is entered (for example: "domain2\another.user"), then Access Rights Manager will search that domain.

When assigning a user to a change role - for example, Data Owner - this user initially has no access to resources and can only see his own account in ARM. If you want to grant further access, use the Data Owner configuration for this.


Once you have found the desired user you can add him via drag & drop or by double-clicking.


Use groups as Access Rights Manager users

You can use AD groups as Access Rights Manager users. The process is identical to adding an Access Rights Manager user. Please note the following:

Nested groups

If nested group memberships should be resolved, please follow the instructions in the knowledgebase article Configure ARM for the use of nested groups in the ARM user management.

Using complex group structures will increase login time significantly.


Hierarchy of role assignments

By using groups, it is possible to assign several roles to a user. In this scenario the login mechanism verifies role columns from left to right and uses the first match. There is no combination of roles.