Define the ARM user roles
User roles are categories assigned to users based on their job title or function. Roles allow you to define the level of access and functionality within ARM.
After you add new ARM users and define the user roles, you can assign the roles to your ARM users.
Role types
ARM provides the following user role types (from left to right, as shown below):
- Two Administrator roles
- Five Change roles
- One Read only role
- One Manager role
- One Requester role
You cannot add additional roles. You can edit an existing role name by clicking the pen icon and entering a new role name.
The Manager Role cannot be assigned by ARM user management. This role is controlled by the Manager attribute in AD.
The Administrator role can access User Management. The Junior Administrator role does not have the permissions to access User Management.
Role functions
Use the check box matrix to determine which role can use specific views and functions. Unlicensed views and features are grayed out (legacy 8MAN licensing model only).
Search for a role by action
Enter a term in the search field to filter and locate a role based on action.
Certain functions require specific access and views. For example, the "reset user password" functionality requires the Accounts or Resource view.
All changes take effect immediately without requiring users to log in again.
Simplified rights management
Using simplified rights management, certain details are hidden to simplify operation. This option is suitable for non-technical data owners.
Simplified rights management limitations
-
The Group Wizard creates groups and members. This wizard must be activated when using simplified user management. You can enable this option with the Group Wizard deactivated, but this process will generate an error.
-
The Apply to All option is not available in the Group Wizard. As a result, existing direct access rights cannot be turned into group memberships.
-
The detailed list of planned changes is hidden.
-
Only the ARM group content is displayed. Existing access rights (direct or through other non-ARM groups) as well as "Applies to" information (propagation) is hidden.