Managing user groups
User groups in IBM Process Mining help you manage users by assigning different permissions to them. You can assign a different set of permissions for each group depending on your requirements.
Default group types
The Administration page comes with a default set of groups that can be managed according to your requirements.
Table 1. Default groups in the Administration page
| Group name | Description |
|---|---|
| Administrators | Administrators can add, edit, and delete users and groups. Administrators can also grant permissions to other users. |
| Analyst Users | Analyst users can create, own, and modify projects in IBM Process Mining. They can also create and modify IBM Task Mining projects. |
| Business Users | Business users have read access to the projects in IBM Process Mining and its components such as statistics, analytics, and BPMN. The business users cannot create or modify projects. This group is automatically assigned to all users when they are created. |
| MultiTenantAdministrators | Multitenant administrators have multitenant access and possess all privileges of tenant administrators. In addition, they can also create tenants and multitenant administrators. For more information about tenants, see Managing tenants. |
| TutorialAdmin | Tutorial administrators can create projects in IBM Process Mining tutorial organizations. By default, the Tutorial organization is present with all the tutorial projects. For more information about organizations, see Managing organizations. |
| TutorialUser | Tutorial users can view the projects in the tutorial organization. This group is automatically assigned to all users when they are created. |
For detailed information about which permissions and authorizations are automatically assigned to these default groups, see Default user group permissions.
Creating groups
You create more groups to further customize the permissions for users. To add a new group,
complete the following steps:
- On the home page, click the Administration tab.
- Go to the Groups tab.
- Select the tenant in which you want to create a group.
- Click Add group.
- Enter the name of the group.
- Enter the SSO name of the group.
- Optional: if you want to clone permission from any of the already existing groups, select that group from the list.
- Click Add.
Viewing and editing group members
To view or edit the members of a group, complete the following steps:
- On the home page, click the Administration tab.
- Go to the Groups tab.
- Select the tenant in which your required group is.
- In the Groups list, find the group. If you don't see it, type its name in the search bar to find it.
- Click the Edit button in the group's row.
- Go to the Members tab. Here, you can find the list of users that belong to this group.
You can perform the following actions:
- To add a user to the group, click Add user, select the user from the list, and click
Add.Important: The user gets all the permissions that are granted to the group.
- To remove a user from a group, click the delete icon in the user's row and confirm that you want to remove this user.
- To see the details of a user's account click the edit button in the user's row.
- To add a user to the group, click Add user, select the user from the list, and click
Add.
You can also add and remove users from the Users tab. For more information, see Adding users to groups and Removing users from groups.
Adding group authorizations
When you create a group, you can choose to give it authorizations by cloning them from a
different group. For more information, see Creating groups.
However, you can make some changes later on, like adding authorizations. To add an authorization to
a group, complete the following steps:
- On the home page, click the Administration tab.
- Go to the Groups tab.
- Select the tenant in which your required group is.
- In the Groups list, find the group. If you don't see it, type its name in the search bar to find it.
- Click the Edit button in the group's row.
- Go to the Authorizations tab. Here, you can find all the authorizations that are assigned directly to the group or inherited from parent groups.
- Click Add authorization.
- Select the resource type (a component of IBM Process Mining, like Analytics or Business repository) that the authorization should concern.
- Complete one of the following steps:
- If you want the authorization to concern all tenant resources (like projects, models) of that component, select All tenant resources.
- If you want the authorization to concern resources (like projects, models) that are descendants of a specific organization, select Resources descendants of and select the parent organization.
- If you want the authorization to concern a specific resource (like a project or a model), select Specific resource and select that resource from the list.
- Select Grant.
- Select the permissions (like create, read, write) which you want the users of that group to have through this authorization.
- Click Add.
Revoking group authorizations
If you want to revoke certain authorizations from a group, complete the following steps:
- On the home page, click the Administration tab.
- Go to the Groups tab.
- Select the tenant in which your required group is.
- In the Groups list, find the group. If you don't see it, type its name in the search bar to find it.
- Click the Edit button in the group's row.
- Go to the Authorizations tab. Here, you can find all the authorizations that are assigned directly to the group or inherited from parent groups.
- In the row of the authorization which you want to revoke, click the Delete button.
- Confirm that you want to revoke this authorization.
Editing group authorizations
- On the home page, click the Administration tab.
- Go to the Groups tab.
- Select the tenant in which your required group is.
- In the Groups list, find the group. If you don't see it, type its name in the search bar to find it.
- Click the Edit button in the group's row.
- Go to the Authorizations tab. Here, you can find all the authorizations that are assigned directly to the group or inherited from parent groups.
- In the row of the authorization which you want to edit, click the Edit button.
- Edit (add or remove) the permissions in that authorization.
- Click Save.
Deleting groups
Warning: Deleting a group cannot be undone. Once a group is deleted, you are not be able
to restore it.
To delete a group, complete the following steps:
- On the home page, click the Administration tab.
- Go to the Groups tab.
- Select the tenant in which your required group is.
- In the Groups list, find the group you want to delete.
- Click the trash icon delete button.
- Confirm that you want to delete this group.
Changing the group name
To change the group name, complete the following steps:
- On the home page, click the Administration tab.
- Go to the Groups tab.
- Select the tenant in which your required group is.
- In the Groups list, find the group. If you don't see it, type its name in the search bar to find it.
- Click the edit button in the group's row.
- Go to the Details tab.
- Enter a new name or edit the already existing name.
- Click Save Changes.