Documentation forAccess Rights Manager

Define Access Rights Manager user roles

Access Rights Manager provides different user role types (from left to right):

  • 2 Administrator-roles
  • 5 Change-roles
  • 1 Read only-role
  • 1 Manager Role
  • 1 Requester Role

You cannot add more roles. You can change the name of the role by clicking on the pen icon.

The Manager Role can not be assigned by the Access Rights Manager user management. It is controlled by the AD attribute "Manager".

Only the first administrator role (leftmost column) can use the user management.


Use the "check box matrix" to determine which role can use which views and functions.

Unlicensed views and features are grayed out (legacy 8MAN licensing model only).


Use the filter to quickly find the desired option.

Please note that certain functions require specific access and views. For example the functionality "reset user password" requires either the "Accounts" or the "Resource" view.

The changes take effect immediately without requiring users to log in again.


Simplified rights management

  1. With the simplified rights management, certain details are hidden to simplify operation. This option is suitable for non-technical data owners.


Limitations of simplified rights management

  • The Group Wizard creates groups and members. The Group Wizard must be activated when using simplified user management. It is possible to enable this option with deactivated Group Wizard, however an error message will be shown.
  • The option "apply to all" is not available in the Group Wizard, meaning that existing direct access rights can not be turned into group memberships.
  • The detailed list of planned changes is hidden.
  • Only the content of Access Rights Manager groups is displayed. Existing access rights (direct or via other non-Access Rights Manager groups) as well as "Applies to" information (propagation) is hidden.