Groups
Groups are essential in managing branch security and permissions.
Which users can access which branches.
Which users can create, update, view, or delete the different element types and properties of elements.
Which instances of Rule Execution Server a user can access when deploying RuleApps or running test suites and simulations
All users who want to sign in to Decision Center must be a member of a group mapped to one of the predefined Decision Center roles.
Role | Access rights |
---|---|
rtsUser - Standard user | Access to the Explore, Query, Compose, Analyze, and Project tabs in the Enterprise console. |
rtsConfigManager - Configuration manager | Same access rights as rtsUser, plus features in the Project tab relating to setup. |
rtsAdministrator - Decision Center Administrator | Access to all the features of rtsConfigManager, plus additional features in the Project and Configure tabs and additional buttons on some of the toolbars (such as Release Locks). |
rtsInstaller - Decision Center installer. | Access to the Installation Settings Wizard in the Enterprise console. |
Groups and setting permissions
Administrators, that is, users who belong to a group mapped to the rtsAdministrator role, always have permission to create, update, view, and delete all the different element types and properties. The Administrator must explicitly set permissions for any other group (see Setting permissions).
A user can belong to several groups, and all groups are mapped to at least one of the predefined roles (normally rtsUser) to have the tabs available. Therefore, when you define a permission management system for your Decision Center users, you should remove branch access to groups named exactly like one of the predefined roles in favor of the new group.
If a user is a member of more than one of the groups that can access a given branch, Decision Center merges the permissions. If there is conflict, Decision Center chooses the least restrictive group.
Groups and the Group property
User groups are also used to set the Group property of different types of elements (see Project element properties).
When you create a new rule or other element, Decision Center sets the Group property of the new element to the group to which you (as element creator) belong. If you belong to more than one group that has security access to the branch, Decision Center selects the first group to which you belong, from the list of groups that have access.
Once set, the Group property can be modified by users who have permission to update this property. Typically this should be reserved to the Administrator.