Managing user groups

User groups in IBM Process Mining help you manage users by assigning different permissions to them. You can assign a different set of permissions for each group depending on your requirements.

Default group types

The Administration page comes with a default set of groups that can be managed according to your requirements.

Table 1. Default groups in the Administration page

Group name Description
Administrators Administrators can add, edit, and delete users and groups. Administrators can also grant permissions to other users.
Analyst Users Analyst users can create, own, and modify projects in IBM Process Mining. They can also create and modify IBM Task Mining projects.
Business Users Business users have read access to the projects in IBM Process Mining and its components such as statistics, analytics, and BPMN. The business users cannot create or modify projects. This group is automatically assigned to all users when they are created.
MultiTenantAdministrators Multitenant administrators have multitenant access and possess all privileges of tenant administrators. In addition, they can also create tenants and multitenant administrators. For more information about tenants, see Managing tenants.
TutorialAdmin Tutorial administrators can create projects in IBM Process Mining tutorial organizations. By default, the Tutorial organization is present with all the tutorial projects. For more information about organizations, see Managing organizations.
TutorialUser Tutorial users can view the projects in the tutorial organization. This group is automatically assigned to all users when they are created.

For detailed information about which permissions and authorizations are automatically assigned to these default groups, see Default user group permissions.

Creating groups

You create more groups to further customize the permissions for users. To add a new group, complete the following steps:
  1. On the home page, click the Administration tab.
  2. Go to the Groups tab.
  3. Select the tenant in which you want to create a group.
  4. Click Add group.
  5. Enter the name of the group.
  6. Enter the SSO name of the group.
  7. Optional: if you want to clone permission from any of the already existing groups, select that group from the list.
  8. Click Add.
You can now find your newly created group in the Groups page. If you don't see it, type its name in the search bar to find it. To add members to the group, see Viewing and editing group members.

Viewing and editing group members

To view or edit the members of a group, complete the following steps:
  1. On the home page, click the Administration tab.
  2. Go to the Groups tab.
  3. Select the tenant in which your required group is.
  4. In the Groups list, find the group. If you don't see it, type its name in the search bar to find it.
  5. Click the Edit button in the group's row.
  6. Go to the Members tab. Here, you can find the list of users that belong to this group. You can perform the following actions:
    • To add a user to the group, click Add user, select the user from the list, and click Add.
      Important: The user gets all the permissions that are granted to the group.
    • To remove a user from a group, click the delete icon in the user's row and confirm that you want to remove this user.
    • To see the details of a user's account click the edit button in the user's row.

You can also add and remove users from the Users tab. For more information, see Adding users to groups and Removing users from groups.

Adding group authorizations

When you create a group, you can choose to give it authorizations by cloning them from a different group. For more information, see Creating groups. However, you can make some changes later on, like adding authorizations. To add an authorization to a group, complete the following steps:
  1. On the home page, click the Administration tab.
  2. Go to the Groups tab.
  3. Select the tenant in which your required group is.
  4. In the Groups list, find the group. If you don't see it, type its name in the search bar to find it.
  5. Click the Edit button in the group's row.
  6. Go to the Authorizations tab. Here, you can find all the authorizations that are assigned directly to the group or inherited from parent groups.
  7. Click Add authorization.
  8. Select the resource type (a component of IBM Process Mining, like Analytics or Business repository) that the authorization should concern.
  9. Complete one of the following steps:
    1. If you want the authorization to concern all tenant resources (like projects, models) of that component, select All tenant resources.
    2. If you want the authorization to concern resources (like projects, models) that are descendants of a specific organization, select Resources descendants of and select the parent organization.
    3. If you want the authorization to concern a specific resource (like a project or a model), select Specific resource and select that resource from the list.
  10. Select Grant.
  11. Select the permissions (like create, read, write) which you want the users of that group to have through this authorization.
  12. Click Add.
You can now see your newly created authorization in the list. For more information about authorizations, see Managing authorizations.

Revoking group authorizations

If you want to revoke certain authorizations from a group, complete the following steps:

  1. On the home page, click the Administration tab.
  2. Go to the Groups tab.
  3. Select the tenant in which your required group is.
  4. In the Groups list, find the group. If you don't see it, type its name in the search bar to find it.
  5. Click the Edit button in the group's row.
  6. Go to the Authorizations tab. Here, you can find all the authorizations that are assigned directly to the group or inherited from parent groups.
  7. In the row of the authorization which you want to revoke, click the Delete button.
  8. Confirm that you want to revoke this authorization.

Editing group authorizations

  1. On the home page, click the Administration tab.
  2. Go to the Groups tab.
  3. Select the tenant in which your required group is.
  4. In the Groups list, find the group. If you don't see it, type its name in the search bar to find it.
  5. Click the Edit button in the group's row.
  6. Go to the Authorizations tab. Here, you can find all the authorizations that are assigned directly to the group or inherited from parent groups.
  7. In the row of the authorization which you want to edit, click the Edit button.
  8. Edit (add or remove) the permissions in that authorization.
  9. Click Save.

Deleting groups

Warning: Deleting a group cannot be undone. Once a group is deleted, you are not be able to restore it.
To delete a group, complete the following steps:
  1. On the home page, click the Administration tab.
  2. Go to the Groups tab.
  3. Select the tenant in which your required group is.
  4. In the Groups list, find the group you want to delete.
  5. Click the trash icon delete button.
  6. Confirm that you want to delete this group.

Changing the group name

To change the group name, complete the following steps:
  1. On the home page, click the Administration tab.
  2. Go to the Groups tab.
  3. Select the tenant in which your required group is.
  4. In the Groups list, find the group. If you don't see it, type its name in the search bar to find it.
  5. Click the edit button in the group's row.
  6. Go to the Details tab.
  7. Enter a new name or edit the already existing name.
  8. Click Save Changes.