Authorization

Overview

In the Authorization tab, you grant or revoke permission to a subject, which can be a user or a group of users. You assign a pre-configured resource type to a subject that enables the subject to access resources (or features) in IBM Process Mining. For example, if you assign a resource type, namely Multi Tenant Administration in User administration, to a user, the user gets access to the multi-tenant resources in IBM Process Mining. However, the authorized permissions determine the activities that a subject can perform in an assigned resource.

In the Dashboard page of the Authorizations tab, you see the Authorization table, which gives details of all the assigned permissions (see 'Figure 1. Authorization Dashboard').

Authorizations Figure 1. Authorization Dashboard

See 'Table 1' to learn more about the columns in the 'Authorization' table.

Columns in the
Authorization table
Description
Subject Type Lists the type of subject, which can be a User or a Group
Subject Lists the name of User or Group
Resource Type Lists the type of resources in IBM Process Mining that a subject can access
Resource Lists the name of resources in IBM Process Mining
Type Lists the status of permission, Grant or Revoke
Permissions Lists the permissions that are granted or revoked to the subject

Table 1

See the following topics to learn more about Permissions and the tasks you can perform in the Authorization tab:

Permissions in Authorization

See 'Table 2' to learn more about the different types of permissions in the Authorization tab.

Resource type Permission Action permissions
User administration
Multi Tenant administration read Second-level profile: view permission
write Second-level profile: edit permission
create Second-level profile: creation permission
Tenant administration read Second-level profile: view permission
write Second-level profile: edit permission
create Second-level profile: creation permission
User management read First-level profile: view permission
write First-level profile: edit permission
create First-level profile: creation permission
Analytics
Dashboard read Open dashboard,
Apply filters
write Add or remove widgets,
Edit widget configuration
create Create new dashboards
share Share analytics with people outside the organization
BPA
Application landscape read List and open application landscapes
write Edit application landscapes
create Create new application landscapes
share Share application landscapes with people outside the organization
Attachments read List and open attachments
write Edit documents that are attached to BPA models
create Add or remove documents
BPMN model read List and open BPMN models
write Edit BPMN models
create Create BPMN models
share Share BPMN models with people outside the organization
DMN read List and open DMN models
write Edit DMN models
create Create DMN models
Derived BPMN model read List and open derived BPMN model
write Modify derived BPMN models
create Create derived BPMN models
Organization landscape read List and open organization landscapes
write Edit organization landscapes
create Create organization landscapes
share Share organization landscapes with people outside the organization
Process landscape read List and open process landscapes
write Edit process landscapes
create Create process landscapes
share Share process landscapes with people outside the organization
Settings read List and open Settings
write Edit Settings
create Create Settings
Simulations read List and open Simulations
write Edit Simulations
create Create Simulations
Core
Monitor read Access to projects that belong to the organization or tenant
write Edit projects in organization or tenant, append data to a project
Organization read Access to projects that belong to the organization or tenant
write Edit projects in organization or tenant, append data to a project
create Create or remove projects in organization or tenant
share (not available for single projects) Invite new members to the organization or tenant
filter Apply filters to an IBM Process Mining project
configure Change project settings
datasource Change project mapping
refmodel Upload a reference model
create package Create a deployment package
deploy package Apply or publish the deployment package
dashboard Enable access to IBM Process Mining dashboard
Social net Enable access to Social net
Activity map Enable access to Activity map
Conformance check Enable Conformance check
Export BPMN Enable export BPMN
Diff Analysis Enable access to Diff analysis
Simulation Enable access to Simulation
Business Rule Mining Enable access to Business rule mining
View Organization members Enable view of the organization members
Project read Access to projects that belong to the organization or tenant
write Edit projects in organization or tenant, append data to a project
create Create or remove projects in organization or tenant
filter Apply filters to an IBM Process Mining project
configure Change project settings
datasource Change project mapping
refmodel Upload a reference model
create package Create a deployment package
deploy package Apply or publish the deployment package
dashboard Enable access to IBM Process Mining dashboard
Social net Enable access to Social net
Activity map Enable access to Activity map
Conformance check Enable Conformance check
Export BPMN Enable export BPMN
Diff Analysis Enable access to Diff analysis
Simulation Enable access to Simulation
Business Rule Mining Enable access to Business rule mining
Tenant read Access to projects that belong to the organization or tenant
write Edit projects in organization or tenant, append data to a project
create Create or remove projects in organization or tenant
share (not available for single projects) Invite new members to the organization or tenant
filter Apply filters to an IBM Process Mining project
configure Change project settings
datasource Change project mapping
refmodel Upload a reference model
create package Create a deployment package
deploy package Apply or publish the deployment package
dashboard Enable access to IBM Process Mining dashboard
Social net Enable access to Social net
Activity map Enable access to Activity map
Conformance check Enable Conformance check
Export BPMN Enable export BPMN
Diff Analysis Enable access to Diff analysis
Simulation Enable access to Simulation
Business Rule Mining Enable access to Business rule mining
View Organization members Enable view of the organization members
Process Apps Enable access to Process App
Custom Process Apps Enable access to Custom Process App
Monitor Enable access to Monitor
Suite access
Analytics read View Analytics tabs
BPA read View BPA tabs
IBM Process Mining read View IBM Process Mining tabs
Monitor and Action read View Monitor tabs
Taskminer
Classification read View the task classification performed for a Task Mining project
write Create or change the task classification for a Task Mining project
Decrypt read Download chunks from the audit logs and decrypt them for identifying errors by using the Decryptor tool
Monitoring list read Download and read the monitoring list from the server
write Edit a new monitoring list and update it to the server for all users
Obfuscation read View the obfuscation and anonymization settings performed for a Task Mining project
write Edit the obfuscation and anonymization configurations for a Task Mining project
Project read View the project configuration performed for a Task Mining project
write Edit or change the project settings for a Task Mining project
create Create or remove projects in organization or tenant
create package Create a deployment package
deploy package Apply or publish the deployment package
RPA Script read View the RPA Script settings for automating IBM Task Mining and IBM Process Mining inegration
write Edit or change the RPA Script settings

Table 2


Important: Starting from release 1.14.0, you must enable a user to access the process app for SAP Procure-to-Pay by assigning the Process Apps permission to the Owners group in Core > Tenant. In addition, you must remove the accelerator permission that is assigned to the Owners group in Core > Project.


Adding an Authorization

You can use the following steps to add an authorization:

  • Click the Add button (Add Button) to access the Edit authorization dialog. See 'Figure 2. Edit Authorization dialog'.

Edit authorization

Figure 2. Edit Authorization dialog

  • In the Edit authorization dialog, enter the required information in the following fields:

    • Subject type
      You select User or Group.
    • Subject
      You type a User or a Group or select from the list of User or Group that you can see by clicking the Show all button.
    • Type
      You select Grant or Revoke.
    • Permissions
      You select the required permissions from the list. See 'Table 2' to learn more about the permissions in each Resource type.
    • Resource type
      You select the required Resource type from the list. For more information about Resource type, see the Resource type topic.
    • Target resources
      You select any one of the following options:
      • All tenant resources
        You select the All tenant resources option if you want to apply the permission to all resources in IBM Process Mining.

      • Resources descendants of
        You select the Resources descendants of option if you want to apply the permission to the descendant of any existing Parent organization. You can select the parent organization from the list of organizations in the Parent organization field. See 'Figure 3. The Parent organization field in the Edit authorization dialog'.

        Parent Organizations in Edit Authorization

        Figure 3. The Parent organization field in the Edit authorization dialog

      • Specific resource
        You select Specific resource if you want to apply the permission to any specific resource in IBM Process Mining. You can select the specific resource from the list in the Resource field. See 'Figure 4. The Specific resource fields in the Edit authorization dialog'.

        Specific Resource in Edit Authorization

        Figure 4. The Specific resource field in the Edit authorization dialog

  • Click the OK button to complete adding the authorization.

Editing an Authorization

To edit the permission of a group or user, click the Edit icon (Edit authorization) against the authorization that you want to edit in the Authorization table. You can then add or remove the permissions in the Permissions field in the Edit Authorization dialog. See 'Video 1. Editing an existing authorization'.

Editing an existing authorization
Video 1. Editing an existing authorization

Deleting an Authorization

To delete an authorization, click the Delete icon (Delete authorization) against the authorization that you want to delete in the Authorization table. On the Confirmation dialog, you can click the Yes button to confirm the authorization deletion or you can click the No button to cancel the authorization deletion. See 'Video 2. Deleting an existing authorization'.

Deleting an existing authorization
Video 2. Deleting an existing authorization