Managing authorizations and permissions

In the Authorization tab of the Administration page, you can grant or revoke permissions to a subject (a user or a groups of users).

You can assign a pre-configured resource type (like an access to a certain feature of IBM Process Mining) to a subject (a user or a group of users) that enables the subject to access resources (like a certain dashboard or user group) in IBM Process Mining.

If you assign a resource type, such as Multi Tenant Administration in User administration, to a user, the user gets access to the multi-tenant resources in IBM Process Mining. However, the authorized permissions determine the activities that a subject can perform in an assigned resource.

In the Authorizations tab, you can see a table which gives details of all the assigned permissions.

Table 1 Authorizations fields explanation

Field Description
Subject type Can be User or Group
Subject Name of User or Group
Resource type Resources (for example, different tabs or features) in IBM Process Mining that a subject can access.
Resource Name of resources in IBM Process Mining, like a specific dashboard or a specific user group.
Type Status of permission, can be Granted or Revoked.
Permissions Permissions that are granted or revoked in this authorization.

Permissions in authorizations

See the following tables to learn more about the different types of permissions in the Authorization tab.

User administration

Table 2. User administration permissions

Resource type Permission What this permission allows you to do
Administration write Edit user and group permissions
Multi Tenant administration write Edit user and group permissions
Tenant administration write Edit user and group permissions

AI Assistants

Table 3. AI Assistants permissions

Resource type Permission What this permission allows you to do
Process Advisor read Use the AI chat.

Analytics

Table 4. Analytics permissions

Resource type Permission What this permission allows you to do
Dashboard read Open dashboards, apply filters
  write Add or remove widgets, edit widget configuration
  create Create new dashboards

Business repository

Table 5. Business repository permissions

Resource type Permission What this permission allows you to do
Application landscape read See the list of application landscapes and open them
  write Edit application landscapes
  create Create new application landscapes
Attachments read See the list of attachments and open them
  write Edit documents that are attached to business repository models
  create Add or remove attachments
BPMN model read See the list of BPMN models and open them
  write Edit BPMN models
  create Create BPMN models
Derived BPMN model read See the list of derived BPMN models and open them
  write Modify derived BPMN models
  create Create derived BPMN models
DMN read See the list of DMN models and open them
  write Edit DMN models
  create Create DMN models
Organization landscape read See the list of organization landscapes and open them
  write Edit organization landscapes
  create Create organization landscapes
Process landscape read See the list of process landscapes and open them
  write Edit process landscapes
  create Create process landscapes
Settings read See the list of settings and open them
  write Edit settings
Simulation read See the list of simulations and open them
  write Edit simulations
  create Create simulations

Core

Table 6. Core permissions

Module Permission What this permission allows you to do
Monitor read Access monitors inside a specific organization, tenant, or project in Action Hub
  write Create, edit, and append data to monitors inside a specific organization, tenant, or project in Action Hub
Monitor Service read Access the monitor services (connections) inside a specific organization, tenant, or project in Action Hub
  write Create and edit the monitor services (connections) inside a specific organization, tenant, or project in Action Hub
Organization read Access projects that belong to the organization
  write Edit and append data to projects in the organization
  create Create new organizations. Create or remove projects in organization
  share Invite new members to the organization (not available for single projects)
  filter Apply filters to an IBM Process Mining project
  configure Change project settings
  datasource Change project mapping
  refmodel Upload a reference model
  create package Create a deployment package
  deploy package Apply or publish the deployment package
  dashboard Access IBM Process Mining dashboard
  Social net Access social net
  Activity map Access activity map
  Conformance check Perform a conformance check
  Export BPMN Export BPMN
  Diff Analysis Access diff analysis
  Simulation Access simulation
  Business Rule Mining Access business rule mining
  View Organization members View the members of the organization
  Process Apps Access the process apps page
  Custom Process Apps Create and use the custom process apps
  Object tables Manage object tables of the organization
  Join tables Join tables inside the organization
  Monitor Access monitors inside the organization
  Monitor Service Access monitor services (connections) inside the organization
Prescriptive Process Mining PPM Report Config Create and configure Prescriptive Process Mining reports
  PPM Report Delete Delete Prescriptive Process Mining reports
Project read Access projects that belong to the organization or tenant
  write Edit projects in organization or tenant, append data to a project
  create Create or remove projects in organization or tenant
  filter Apply filters to a project
  configure Change project settings
  datasource Change project mapping
  refmodel Upload a reference model
  create package Create a deployment package
  deploy package Apply and publish the deployment package
  dashboard Access a dashboard
  Social net Access to Social net
  Activity map Access to Activity map
  Conformance check Conformance check
  Export BPMN Export BPMN
  Diff Analysis Access diff analysis
  Simulation Access simulation
  Business Rule Mining Access business rule mining
  Monitor Access monitors inside the project
  Monitor Service Access monitor services (connections) inside the project
  Create cockpit Create a cockpit dashboard for the project
Tenant read Access projects that belong to the tenant
  write Edit projects in a tenant, append data to a project
  create Create or remove projects in the tenant
  share Invite new members to the tenant (not available for single projects)
  filter Apply filters to a project
  configure Change project settings
  datasource Change project mapping
  refmodel Upload a reference model
  create package Create a deployment package
  deploy package Apply or publish the deployment package
  dashboard Access to dashboard
  Social net Access to Social net
  Activity map Access to Activity map
  Conformance check Perform a conformance check
  Export BPMN Export BPMN
  Diff Analysis Access to Diff analysis
  Simulation Access to Simulation
  Business Rule Mining Access to Business rule mining
  View Organization members View the organization members
  Process Apps Access the process app page
  Custom Process Apps Create a ND use custom process apps
  Monitor Access all monitors in this tenant
  Monitor service Access monitor services (connections) inside the tenant
  Create cockpit Create a cockpit dashboard in each project of the tenant

Suite access

Table 7. Suite access permissions

Module Permission What this permission allows
Action Hub read View Action hub tabs
Analytics read View Analytics tabs
Business repository read View Business repository tabs
Process Mining read View the Process tab

Taskminer

Table 8. Taskminer permissions

Module Permission What this permission allows
Classification read View the task classification performed for a Task Mining project
  write Create or change the task classification for a Task Mining project
Decrypt read Download chunks from the audit logs and decrypt them for identifying errors by using the Decryptor tool
Monitoring list read Download and read the monitoring list from the server
  write Edit a new monitoring list and update it to the server for all users
Obfuscation read View the obfuscation and anonymization settings performed for a Task Mining project
  write Edit the obfuscation and anonymization configurations for a Task Mining project
Project read View the project configuration performed for a Task Mining project
  write Edit or change the project settings for a Task Mining project
  create Create or remove projects in organization or tenant
  create package Create a deployment package
  deploy package Apply or publish the deployment package
RPA Script read View the RPA Script settings for automating IBM Task Mining and IBM Process Mining integration
  write Edit or change the RPA Script settings

Adding authorizations

To add an authorization, complete the following steps:
  1. On the home page, click the Administration tab.
  2. Go to the Authorizations tab.
  3. Select the Tenant from the drop down list.
  4. From the list on the left, select a resource type from the Resource type list. A resource type is a feature of IBM Process Mining. For example, if you want to give someone an authorization to perform actions inside Analytics, go to Analytics > Dashboard resource type.
  5. Click Add authorization.
  6. In the Subject type field, select whether you want to add an authorization to a user or a group.
  7. In the Subject field, select the specific user or user group from the list.
  8. In the Resource Type field, leave the resource type you selected before or select the required one.
  9. If the Target resource field appears, complete one of the following steps:
    1. If you want the authorization to concern all tenant resources (like projects, models) of the chosen component, select All tenant resources.
    2. If you want the authorization to concern resources (like projects, models) that are descendants of a specific organization, select Resources descendants of and select the parent organization.
    3. If you want the authorization to concern a specific resource (like a project or a model), select Specific resource and select that resource from the list.
  10. In the Type field, select Grant.
  11. Select the permissions (like create, read, write) which you want the users of that group to have through this authorization.
  12. Click Add.

Deleting authorizations

To delete an authorization, complete the following steps:
  1. On the home page, click the Administration tab.
  2. Go to the Authorizations tab.
  3. Select the Tenant from the drop down list.
  4. From the list on the left, select a resource type from the Resource type list. A resource type is a feature of IBM Process Mining. For example, if you want to give someone an authorization to perform actions inside Analytics, go to Analytics > Dashboard resource type.
  5. In the row of the authorization which you want to delete, click the Delete button.
  6. Confirm that you want to delete this authorization.

Revoking authorizations

Revoking authorizations can be useful when, for example, you want to give the whole group a permission, but then revoke it from one specific user. To revoke an authorization, complete the following steps:
  1. On the home page, click the Administration tab.
  2. Go to the Authorizations tab.
  3. Select the Tenant from the drop down list.
  4. From the list on the left, select a resource type from the Resource type list. A resource type is a feature of IBM Process Mining. For example, if you want to give someone an authorization to perform actions inside Analytics, go to Analytics > Dashboard resource type.
  5. Click Add authorization.
  6. In the Subject type field, select whether you want to revoke an authorization from a user or a group.
  7. In the Subject field, select the specific user or user group from the list.
  8. In the Resource Type field, leave the resource type you selected before or select the required one.
  9. If the Target resource field appears, complete one of the following steps:
    1. If you want the authorization to concern all tenant resources (like projects, models) of the chosen component, select All tenant resources.
    2. If you want the authorization to concern resources (like projects, models) that are descendants of a specific organization, select Resources descendants of and select the parent organization.
    3. If you want the authorization to concern a specific resource (like a project or a model), select Specific resource and select that resource from the list.
  10. In the Type field, select Revoke.
  11. Select the permissions (like create, read, write) which you want to revoke through this authorization.
  12. Click Add.

Editing authorizations

To edit an authorization, complete the following steps:
  1. On the home page, click the Administration tab.
  2. Go to the Authorizations tab.
  3. Select the Tenant from the drop down list.
  4. From the list on the left, select a resource type from the Resource type list. A resource type is a feature of IBM Process Mining. For example, if you want to give someone an authorization to perform actions inside Analytics, go to Analytics > Dashboard resource type.
  5. In the row of the authorization which you want to edit, click the Edit button.
  6. Edit (add or remove) the permissions in that authorization.
  7. Click Save.