Managing authorizations and permissions
In the Authorization tab of the Administration page, you can grant or revoke permissions to a subject (a user or a groups of users).
You can assign a pre-configured resource type (like an access to a certain feature of IBM Process Mining) to a subject (a user or a group of users) that enables the subject to access resources (like a certain dashboard or user group) in IBM Process Mining.
If you assign a resource type, such as Multi Tenant Administration in User administration, to a user, the user gets access to the multi-tenant resources in IBM Process Mining. However, the authorized permissions determine the activities that a subject can perform in an assigned resource.
In the Authorizations tab, you can see a table which gives details of all the assigned permissions.
Table 1 Authorizations fields explanation
| Field | Description |
|---|---|
| Subject type | Can be User or Group |
| Subject | Name of User or Group |
| Resource type | Resources (for example, different tabs or features) in IBM Process Mining that a subject can access. |
| Resource | Name of resources in IBM Process Mining, like a specific dashboard or a specific user group. |
| Type | Status of permission, can be Granted or Revoked. |
| Permissions | Permissions that are granted or revoked in this authorization. |
Permissions in authorizations
See the following tables to learn more about the different types of permissions in the Authorization tab.
User administration
Table 2. User administration permissions
| Resource type | Permission | What this permission allows you to do |
|---|---|---|
| Administration | write | Edit user and group permissions |
| Multi Tenant administration | write | Edit user and group permissions |
| Tenant administration | write | Edit user and group permissions |
AI Assistants
Table 3. AI Assistants permissions
| Resource type | Permission | What this permission allows you to do |
|---|---|---|
| Process Advisor | read | Use the AI chat. |
Analytics
Table 4. Analytics permissions
| Resource type | Permission | What this permission allows you to do |
|---|---|---|
| Dashboard | read | Open dashboards, apply filters |
| write | Add or remove widgets, edit widget configuration | |
| create | Create new dashboards |
Business repository
Table 5. Business repository permissions
| Resource type | Permission | What this permission allows you to do |
|---|---|---|
| Application landscape | read | See the list of application landscapes and open them |
| write | Edit application landscapes | |
| create | Create new application landscapes | |
| Attachments | read | See the list of attachments and open them |
| write | Edit documents that are attached to business repository models | |
| create | Add or remove attachments | |
| BPMN model | read | See the list of BPMN models and open them |
| write | Edit BPMN models | |
| create | Create BPMN models | |
| Derived BPMN model | read | See the list of derived BPMN models and open them |
| write | Modify derived BPMN models | |
| create | Create derived BPMN models | |
| DMN | read | See the list of DMN models and open them |
| write | Edit DMN models | |
| create | Create DMN models | |
| Organization landscape | read | See the list of organization landscapes and open them |
| write | Edit organization landscapes | |
| create | Create organization landscapes | |
| Process landscape | read | See the list of process landscapes and open them |
| write | Edit process landscapes | |
| create | Create process landscapes | |
| Settings | read | See the list of settings and open them |
| write | Edit settings | |
| Simulation | read | See the list of simulations and open them |
| write | Edit simulations | |
| create | Create simulations |
Core
Table 6. Core permissions
| Module | Permission | What this permission allows you to do |
|---|---|---|
| Monitor | read | Access monitors inside a specific organization, tenant, or project in Action Hub |
| write | Create, edit, and append data to monitors inside a specific organization, tenant, or project in Action Hub | |
| Monitor Service | read | Access the monitor services (connections) inside a specific organization, tenant, or project in Action Hub |
| write | Create and edit the monitor services (connections) inside a specific organization, tenant, or project in Action Hub | |
| Organization | read | Access projects that belong to the organization |
| write | Edit and append data to projects in the organization | |
| create | Create new organizations. Create or remove projects in organization | |
| share | Invite new members to the organization (not available for single projects) | |
| filter | Apply filters to an IBM Process Mining project | |
| configure | Change project settings | |
| datasource | Change project mapping | |
| refmodel | Upload a reference model | |
| create package | Create a deployment package | |
| deploy package | Apply or publish the deployment package | |
| dashboard | Access IBM Process Mining dashboard | |
| Social net | Access social net | |
| Activity map | Access activity map | |
| Conformance check | Perform a conformance check | |
| Export BPMN | Export BPMN | |
| Diff Analysis | Access diff analysis | |
| Simulation | Access simulation | |
| Business Rule Mining | Access business rule mining | |
| View Organization members | View the members of the organization | |
| Process Apps | Access the process apps page | |
| Custom Process Apps | Create and use the custom process apps | |
| Object tables | Manage object tables of the organization | |
| Join tables | Join tables inside the organization | |
| Monitor | Access monitors inside the organization | |
| Monitor Service | Access monitor services (connections) inside the organization | |
| Prescriptive Process Mining | PPM Report Config | Create and configure Prescriptive Process Mining reports |
| PPM Report Delete | Delete Prescriptive Process Mining reports | |
| Project | read | Access projects that belong to the organization or tenant |
| write | Edit projects in organization or tenant, append data to a project | |
| create | Create or remove projects in organization or tenant | |
| filter | Apply filters to a project | |
| configure | Change project settings | |
| datasource | Change project mapping | |
| refmodel | Upload a reference model | |
| create package | Create a deployment package | |
| deploy package | Apply and publish the deployment package | |
| dashboard | Access a dashboard | |
| Social net | Access to Social net | |
| Activity map | Access to Activity map | |
| Conformance check | Conformance check | |
| Export BPMN | Export BPMN | |
| Diff Analysis | Access diff analysis | |
| Simulation | Access simulation | |
| Business Rule Mining | Access business rule mining | |
| Monitor | Access monitors inside the project | |
| Monitor Service | Access monitor services (connections) inside the project | |
| Create cockpit | Create a cockpit dashboard for the project | |
| Tenant | read | Access projects that belong to the tenant |
| write | Edit projects in a tenant, append data to a project | |
| create | Create or remove projects in the tenant | |
| share | Invite new members to the tenant (not available for single projects) | |
| filter | Apply filters to a project | |
| configure | Change project settings | |
| datasource | Change project mapping | |
| refmodel | Upload a reference model | |
| create package | Create a deployment package | |
| deploy package | Apply or publish the deployment package | |
| dashboard | Access to dashboard | |
| Social net | Access to Social net | |
| Activity map | Access to Activity map | |
| Conformance check | Perform a conformance check | |
| Export BPMN | Export BPMN | |
| Diff Analysis | Access to Diff analysis | |
| Simulation | Access to Simulation | |
| Business Rule Mining | Access to Business rule mining | |
| View Organization members | View the organization members | |
| Process Apps | Access the process app page | |
| Custom Process Apps | Create a ND use custom process apps | |
| Monitor | Access all monitors in this tenant | |
| Monitor service | Access monitor services (connections) inside the tenant | |
| Create cockpit | Create a cockpit dashboard in each project of the tenant |
Suite access
Table 7. Suite access permissions
| Module | Permission | What this permission allows |
|---|---|---|
| Action Hub | read | View Action hub tabs |
| Analytics | read | View Analytics tabs |
| Business repository | read | View Business repository tabs |
| Process Mining | read | View the Process tab |
Taskminer
Table 8. Taskminer permissions
| Module | Permission | What this permission allows |
|---|---|---|
| Classification | read | View the task classification performed for a Task Mining project |
| write | Create or change the task classification for a Task Mining project | |
| Decrypt | read | Download chunks from the audit logs and decrypt them for identifying errors by using the Decryptor tool |
| Monitoring list | read | Download and read the monitoring list from the server |
| write | Edit a new monitoring list and update it to the server for all users | |
| Obfuscation | read | View the obfuscation and anonymization settings performed for a Task Mining project |
| write | Edit the obfuscation and anonymization configurations for a Task Mining project | |
| Project | read | View the project configuration performed for a Task Mining project |
| write | Edit or change the project settings for a Task Mining project | |
| create | Create or remove projects in organization or tenant | |
| create package | Create a deployment package | |
| deploy package | Apply or publish the deployment package | |
| RPA Script | read | View the RPA Script settings for automating IBM Task Mining and IBM Process Mining integration |
| write | Edit or change the RPA Script settings |
Adding authorizations
- On the home page, click the Administration tab.
- Go to the Authorizations tab.
- Select the Tenant from the drop down list.
- From the list on the left, select a resource type from the Resource type list. A resource type is a feature of IBM Process Mining. For example, if you want to give someone an authorization to perform actions inside Analytics, go to Analytics > Dashboard resource type.
- Click Add authorization.
- In the Subject type field, select whether you want to add an authorization to a user or a group.
- In the Subject field, select the specific user or user group from the list.
- In the Resource Type field, leave the resource type you selected before or select the required one.
- If the Target resource field appears, complete one of the following steps:
- If you want the authorization to concern all tenant resources (like projects, models) of the chosen component, select All tenant resources.
- If you want the authorization to concern resources (like projects, models) that are descendants of a specific organization, select Resources descendants of and select the parent organization.
- If you want the authorization to concern a specific resource (like a project or a model), select Specific resource and select that resource from the list.
- In the Type field, select Grant.
- Select the permissions (like create, read, write) which you want the users of that group to have through this authorization.
- Click Add.
Deleting authorizations
- On the home page, click the Administration tab.
- Go to the Authorizations tab.
- Select the Tenant from the drop down list.
- From the list on the left, select a resource type from the Resource type list. A resource type is a feature of IBM Process Mining. For example, if you want to give someone an authorization to perform actions inside Analytics, go to Analytics > Dashboard resource type.
- In the row of the authorization which you want to delete, click the Delete button.
- Confirm that you want to delete this authorization.
Revoking authorizations
- On the home page, click the Administration tab.
- Go to the Authorizations tab.
- Select the Tenant from the drop down list.
- From the list on the left, select a resource type from the Resource type list. A resource type is a feature of IBM Process Mining. For example, if you want to give someone an authorization to perform actions inside Analytics, go to Analytics > Dashboard resource type.
- Click Add authorization.
- In the Subject type field, select whether you want to revoke an authorization from a user or a group.
- In the Subject field, select the specific user or user group from the list.
- In the Resource Type field, leave the resource type you selected before or select the required one.
- If the Target resource field appears, complete one of the following steps:
- If you want the authorization to concern all tenant resources (like projects, models) of the chosen component, select All tenant resources.
- If you want the authorization to concern resources (like projects, models) that are descendants of a specific organization, select Resources descendants of and select the parent organization.
- If you want the authorization to concern a specific resource (like a project or a model), select Specific resource and select that resource from the list.
- In the Type field, select Revoke.
- Select the permissions (like create, read, write) which you want to revoke through this authorization.
- Click Add.
Editing authorizations
- On the home page, click the Administration tab.
- Go to the Authorizations tab.
- Select the Tenant from the drop down list.
- From the list on the left, select a resource type from the Resource type list. A resource type is a feature of IBM Process Mining. For example, if you want to give someone an authorization to perform actions inside Analytics, go to Analytics > Dashboard resource type.
- In the row of the authorization which you want to edit, click the Edit button.
- Edit (add or remove) the permissions in that authorization.
- Click Save.