Authorization
Overview
In the Authorization tab, you grant or revoke permission to a subject, which can be a user or a group of users. You assign a pre-configured resource type to a subject that enables the subject to access resources (or features) in IBM Process Mining. For example, if you assign a resource type, namely Multi Tenant Administration in User administration, to a user, the user gets access to the multi-tenant resources in IBM Process Mining. However, the authorized permissions determine the activities that a subject can perform in an assigned resource.
In the Dashboard page of the Authorizations tab, you see the Authorization table, which gives details of all the assigned permissions (see 'Figure 1. Authorization Dashboard').
Figure 1. Authorization Dashboard
See 'Table 1' to learn more about the columns in the 'Authorization' table.
Columns in the Authorization table |
Description |
---|---|
Subject Type | Lists the type of subject, which can be a User or a Group |
Subject | Lists the name of User or Group |
Resource Type | Lists the type of resources in IBM Process Mining that a subject can access |
Resource | Lists the name of resources in IBM Process Mining |
Type | Lists the status of permission, Grant or Revoke |
Permissions | Lists the permissions that are granted or revoked to the subject |
Table 1
See the following topics to learn more about Permissions and the tasks you can perform in the Authorization tab:
Permissions in Authorization
See 'Table 2' to learn more about the different types of permissions in the Authorization tab.
Resource type | Permission | Action permissions | |
User administration | |||
---|---|---|---|
Multi Tenant administration | read | Second-level profile: view permission | |
write | Second-level profile: edit permission | ||
create | Second-level profile: creation permission | ||
Tenant administration | read | Second-level profile: view permission | |
write | Second-level profile: edit permission | ||
create | Second-level profile: creation permission | ||
User management | read | First-level profile: view permission | |
write | First-level profile: edit permission | ||
create | First-level profile: creation permission | ||
Analytics | |||
Dashboard | read | Open dashboard, Apply filters |
|
write | Add or remove widgets, Edit widget configuration |
||
create | Create new dashboards | ||
share | Share analytics with people outside the organization | ||
BPA | |||
Application landscape | read | List and open application landscapes | |
write | Edit application landscapes | ||
create | Create new application landscapes | ||
share | Share application landscapes with people outside the organization | ||
Attachments | read | List and open attachments | |
write | Edit documents that are attached to BPA models | ||
create | Add or remove documents | ||
BPMN model | read | List and open BPMN models | |
write | Edit BPMN models | ||
create | Create BPMN models | ||
share | Share BPMN models with people outside the organization | ||
DMN | read | List and open DMN models | |
write | Edit DMN models | ||
create | Create DMN models | ||
Derived BPMN model | read | List and open derived BPMN model | |
write | Modify derived BPMN models | ||
create | Create derived BPMN models | ||
Organization landscape | read | List and open organization landscapes | |
write | Edit organization landscapes | ||
create | Create organization landscapes | ||
share | Share organization landscapes with people outside the organization | ||
Process landscape | read | List and open process landscapes | |
write | Edit process landscapes | ||
create | Create process landscapes | ||
share | Share process landscapes with people outside the organization | ||
Settings | read | List and open Settings | |
write | Edit Settings | ||
create | Create Settings | ||
Simulations | read | List and open Simulations | |
write | Edit Simulations | ||
create | Create Simulations | ||
Core | |||
Monitor | read | Access to projects that belong to the organization or tenant | |
write | Edit projects in organization or tenant, append data to a project | ||
Organization | read | Access to projects that belong to the organization or tenant | |
write | Edit projects in organization or tenant, append data to a project | ||
create | Create or remove projects in organization or tenant | ||
share (not available for single projects) | Invite new members to the organization or tenant | ||
filter | Apply filters to an IBM Process Mining project | ||
configure | Change project settings | ||
datasource | Change project mapping | ||
refmodel | Upload a reference model | ||
create package | Create a deployment package | ||
deploy package | Apply or publish the deployment package | ||
dashboard | Enable access to IBM Process Mining dashboard | ||
Social net | Enable access to Social net | ||
Activity map | Enable access to Activity map | ||
Conformance check | Enable Conformance check | ||
Export BPMN | Enable export BPMN | ||
Diff Analysis | Enable access to Diff analysis | ||
Simulation | Enable access to Simulation | ||
Business Rule Mining | Enable access to Business rule mining | ||
View Organization members | Enable view of the organization members | ||
Project | read | Access to projects that belong to the organization or tenant | |
write | Edit projects in organization or tenant, append data to a project | ||
create | Create or remove projects in organization or tenant | ||
filter | Apply filters to an IBM Process Mining project | ||
configure | Change project settings | ||
datasource | Change project mapping | ||
refmodel | Upload a reference model | ||
create package | Create a deployment package | ||
deploy package | Apply or publish the deployment package | ||
dashboard | Enable access to IBM Process Mining dashboard | ||
Social net | Enable access to Social net | ||
Activity map | Enable access to Activity map | ||
Conformance check | Enable Conformance check | ||
Export BPMN | Enable export BPMN | ||
Diff Analysis | Enable access to Diff analysis | ||
Simulation | Enable access to Simulation | ||
Business Rule Mining | Enable access to Business rule mining | ||
Tenant | read | Access to projects that belong to the organization or tenant | |
write | Edit projects in organization or tenant, append data to a project | ||
create | Create or remove projects in organization or tenant | ||
share (not available for single projects) | Invite new members to the organization or tenant | ||
filter | Apply filters to an IBM Process Mining project | ||
configure | Change project settings | ||
datasource | Change project mapping | ||
refmodel | Upload a reference model | ||
create package | Create a deployment package | ||
deploy package | Apply or publish the deployment package | ||
dashboard | Enable access to IBM Process Mining dashboard | ||
Social net | Enable access to Social net | ||
Activity map | Enable access to Activity map | ||
Conformance check | Enable Conformance check | ||
Export BPMN | Enable export BPMN | ||
Diff Analysis | Enable access to Diff analysis | ||
Simulation | Enable access to Simulation | ||
Business Rule Mining | Enable access to Business rule mining | ||
View Organization members | Enable view of the organization members | ||
Process Apps | Enable access to Process App | ||
Custom Process Apps | Enable access to Custom Process App | ||
Monitor | Enable access to Monitor | ||
Suite access | |||
Analytics | read | View Analytics tabs | |
BPA | read | View BPA tabs | |
IBM Process Mining | read | View IBM Process Mining tabs | |
Monitor and Action | read | View Monitor tabs | |
Taskminer | |||
Classification | read | View the task classification performed for a Task Mining project | |
write | Create or change the task classification for a Task Mining project | ||
Decrypt | read | Download chunks from the audit logs and decrypt them for identifying errors by using the Decryptor tool | |
Monitoring list | read | Download and read the monitoring list from the server | |
write | Edit a new monitoring list and update it to the server for all users | ||
Obfuscation | read | View the obfuscation and anonymization settings performed for a Task Mining project | |
write | Edit the obfuscation and anonymization configurations for a Task Mining project | ||
Project | read | View the project configuration performed for a Task Mining project | |
write | Edit or change the project settings for a Task Mining project | ||
create | Create or remove projects in organization or tenant | ||
create package | Create a deployment package | ||
deploy package | Apply or publish the deployment package | ||
RPA Script | read | View the RPA Script settings for automating IBM Task Mining and IBM Process Mining inegration | |
write | Edit or change the RPA Script settings |
Table 2
Important: Starting from release 1.14.0, you must enable a user to access the process app for SAP Procure-to-Pay by assigning the Process Apps
permission to the Owners group in Core > Tenant. In addition, you must remove the accelerator
permission that is assigned to the Owners group in Core > Project.
Adding an Authorization
You can use the following steps to add an authorization:
- Click the Add button (
) to access the Edit authorization dialog. See 'Figure 2. Edit Authorization dialog'.
Figure 2. Edit Authorization dialog
-
In the Edit authorization dialog, enter the required information in the following fields:
- Subject type
You select User or Group. - Subject
You type a User or a Group or select from the list of User or Group that you can see by clicking the Show all button. - Type
You select Grant or Revoke. - Permissions
You select the required permissions from the list. See 'Table 2' to learn more about the permissions in each Resource type. - Resource type
You select the required Resource type from the list. For more information about Resource type, see the Resource type topic. - Target resources
You select any one of the following options:-
All tenant resources
You select the All tenant resources option if you want to apply the permission to all resources in IBM Process Mining. -
Resources descendants of
You select the Resources descendants of option if you want to apply the permission to the descendant of any existing Parent organization. You can select the parent organization from the list of organizations in the Parent organization field. See 'Figure 3. The Parent organization field in the Edit authorization dialog'.Figure 3. The Parent organization field in the Edit authorization dialog
-
Specific resource
You select Specific resource if you want to apply the permission to any specific resource in IBM Process Mining. You can select the specific resource from the list in the Resource field. See 'Figure 4. The Specific resource fields in the Edit authorization dialog'.Figure 4. The Specific resource field in the Edit authorization dialog
-
- Subject type
-
Click the OK button to complete adding the authorization.
Editing an Authorization
To edit the permission of a group or user, click the Edit icon () against the authorization that you want to edit in the Authorization table. You can then
add or remove the permissions in the Permissions field in the Edit Authorization dialog. See 'Video 1. Editing an existing authorization'.
Video 1. Editing an existing authorization
Deleting an Authorization
To delete an authorization, click the Delete icon () against the authorization that you want to delete in the Authorization table. On the Confirmation dialog, you can click the Yes button to confirm the authorization deletion or you can click the No button to cancel the authorization deletion. See 'Video 2. Deleting an existing authorization'.
Video 2. Deleting an existing authorization