A Group is a collection of users with similar roles in an organization, and a collection of users who need to perform similar tasks on the Studio Manager site.
User Permissions are controlled through Groups. To assign permissions to users, add them to a group and assign permissions to the group as a whole.
Each group has a set of capabilities associated with it. These capabilities include creating, reviewing, and running files. Studio Manager includes a set of predefined groups for you to start with. You can modify these predefined groups according to the way you want to manage library and solution permissions. As an administrator, you can create any number of groups, and you can define group permissions according to your specific requirements.
With the exception of predefined global roles for administration (see administration-related predefined Global Roles), predefined and customized user groups are app-specific.
You can control library permissions through groups (see Manage Library Permissions). By default, solutions inherit permissions from the associated library. You can customize inherited library permissions.
Manage groups
You can perform the following on the Manage Groups tab:
- View groups
- Create new group
- Edit/change groups
- Add users to a group
- Remove users from a group
- Use AD Groups to manage permissions and roles
View groups
To view existing groups:
- Click the Apps menu. Go to the app for which you would like to view groups and click the icon in the Actions column.
- Click Configurations.
-
Click on the Manage Groups tab to see the following:
- Group Name
- Description
- Users (includes the number of users in the group)
Create a new group
You can create new groups for your apps.
The default (predefined) groups exist in all apps. Group details (such as which users belong to a group) are not included in all apps.
To create a new group:
- Click the Apps menu. Go to the app for which you would like to create a new group and click the icon in the Actions column.
- Click Configurations. Then click the Manage Groups tab.
- Click Add. Enter the group name and description and click Save. You will be notified that the group was added and the new group will be listed on the Manage Groups tab for that app.
Edit/change a group
You can edit/change the group name and description. To edit a group:
- Click the Apps menu. Go to the app for which you would like to edit/change the group and click the icon in the Actions column.
- Click Configurations, and click the Manage Groups tab.
- Select a group and click Edit.
- Change the group name or description and click Save.
- Changes update immediately and can be viewed on the Manage Groups tab. If the updates do not show, refresh the page.
Add users to a group
To add users to a group:
- Click the Apps menu. Go to the app for which you would like to add users to a group and click the icon in the Actions column.
- Click Configurations and then click the Manage Groups tab.
- Click on the number in the Users column which corresponds to the group.
- The Assign Users window will appear.
-
To add a user, select a name from the User field and click Add. The name will appear in Assigned Users window. Changes update immediately and can be viewed on the Manage Groups tab. If updates do not show, refresh the page.
furtherinformation: Further Information:- Users receive an email notification when they have been added to a group.
- Groups and group permissions are specific to each app. For example, users in a Solution Reviewer group in App 1 will not automatically be in a Solution Reviewer group in App 2; they must be added to these two groups independently.
- When a user is added to a group, all permissions associated with that group are automatically assigned to that user.
Remove users from a group
To remove users from a group:
- Click the Apps menu. Go to the app for which you would like to remove users from a group and click the icon in the Actions column.
- Click Configurations and click the Manage Groups tab.
- Click the number in the Users column which corresponds to the group.
- The Assign Users window will appear.
-
To remove a user, hover over the user’s name under the Assigned User window and click the delete icon. When prompted to confirm the deletion, click Yes. (To search for users in the group, you can opt to use the Search Users box.) Changes update immediately and can be viewed on the Manage Groups tab. If updates do not show, refresh the page.
furtherinformation: Further Information:- Users receive an email notification when they have been added to a group.
- Groups and users within a group are specific to each app. For example, users deleted from a Solution Reviewer group in App 1 must be separately deleted from a Solution Reviewer group in App 2.
- When users are removed from a group, they no longer have the permissions associated with that group.
Predefined user groups for apps
As an App Administrator, you can see the predefined user groups below.
|
Manage permissions and roles with AD Groups
-
The AD Sync feature is supported only with Windows Authentication. It is not supported with SAML and OAuth authentication.
-
AD Groups with 300 or more users, jobs run in the background (Background mode). For AD Groups with less than 300 users, jobs run in the foreground.
-
If user count in an AD Group is 300 or more, a warning message is displayed.
-
To make sure the Application users are in sync with AD, AD Sync job should run daily and in off business hours.
-
Scheduling AD Sync job weekly or at the weekend is not recommended, as this will cause security concerns. For example, a user is deleted from AD but Evolve application access will be revoked after 7 days.
AD Groups: App Roles Sync
An Admin can manage all App Group's assignments to users with an AD Group. Users will have these App Groups assigned automatically if their AD Groups are added to these App Groups.
AD Group: App Roles Sync - Details |
---|
The application allows App Admins/Global Admins to set one or multiple AD Groups for an “App Group”. |
Same AD Group can also be added in other Groups of same App. |
User must exist in Evolve application only then the App’s Group will be assigned. Note: Managing App role from AD Group will not add user automatically if a user does not exist. Therefore, a user will be added only if any of its AD Group is mapped with Licensing module. |
Any App’s Group added/assigned manually to a user by App-admin will not be removed by AD Group sync feature. |
App admin can remove a user from any App’s Group (Added manually or by AD Group sync feature) manually. This App Group will be added to this user again by AD-Group Sync feature (Sync Job or Manually Sync) if user’s AD Group still mapped in App’s Group. Therefore, it is recommended to remove the user from AD Groups too. |
Adding an AD Group to an App Group: Will add all the users of the AD Group to this App’s Group (Also these users must already exists in application, it won’t add new user in application like license sync). |
Remove an AD Group from an App Group: This will remove all users of this AD Group from current App Group. Note: As multiple AD Group can be added to an App Group, so a user may exist in another AD Groups of current App Group, for such cases these users will remain added to App Group. |
A user can refresh\sync its Licenses and App Groups from pages “My licenses” or ““My roles”. Refresh\sync request from any page will always sync both License and App Groups. |
Remove or Add users to AD Groups: These changes will be applied either by Sync Job or User manual sync action only. |
Users receive a notification for any change or update completed through AD Sync.
Add AD Groups for App Roles Sync
To add an AD Group for App Roles sync:
- Go to the Configuration page of the App for which you want to add an AD Group.
- On the Manage Groups tab, select the app group for which you want to add the AD Group by clicking the number in the AD Group column.
- In the panel that opens, provide the AD Group name and domain. You can also use the Lookup AD Group option to search for AD Groups.
- Once the group is located and added, click Add. You will receive a confirmation message that the group has been added successfully.
Remove AD Groups for App Roles Sync
To remove an AD Group for App Roles sync:
- Go to the Configuration page of the App for which you want to remove the AD Group.
- On the Manage Groups tab, select the app group for which you want to remove the AD Group by clicking the number in the AD Group column.
- In the panel that opens, click the Delete icon next to the AD Group that you want to remove.
- Once the group is deleted, you will receive a notification that the group has been removed successfully.
Global roles
- Global Administrator
- Reports Administrator
- Visitor
|
Add or remove users
You can add or remove administrators or visitors.
To add users to administration-related or visitor global roles:
- Click the Settings menu and then click Administrators.
- Click Edit. Select a name from the user drop-down list in the Administration group.
- Click Save. You will be notified that the changes have been saved successfully. If the updates do not show, refresh the page.
To remove users from administration-related or visitor global roles:
- Click the Settings menu and then click Administrators.
- Click Edit. Click the ‘X’ next to each user you need to delete from the Administration group.
- Click Save. You will be notified that the changes have been saved successfully. If the updates do not show, refresh the page.
You can add or remove groups to manage library permissions. Solutions inherit all permissions associated with the library they belong to.
Library Type | Permission Type | Permission |
---|---|---|
Transaction |
Process Permissions
Library Solution Permissions
|
Originator; Data Reviewer
Solution Developer; Solution Reviewer |
Query |
Process Permissions
Library Solution Permissions
|
Originator
Solution Developer; Solution Reviewer |
Excel Solution |
Process Permissions
Library Solution Permissions
|
Originator
Solution Developer; Solution Reviewer |
Forms |
Process Permissions
Library Solution Permissions
|
Originator
Solution Developer |
Reference Data |
Process Permissions
Library Solution Permissions
|
Originator; Data Reviewer
Solution Developer |
Permission Types: definitions
-
1. Library Solution Permissions manage Solution access for a) development and b) review. See just below for definitions.
-
Solution Developer. When a Group is added to this permission, the users within that Group can create or update solutions within this library. Example: If it is a Transaction type library, users can create or update Transaction solutions in this library. Note that for this Transaction library example, the user must have the required valid license.
-
Solution Reviewer: When a Group is added to this permission, the users within that Group can be the solution reviewer – for the solution within this library only. If this is a Transaction type library, these users will be listed in the Reviewers list and the solution submitter can select one of the reviewers to review the solution.
-
-
2. Process Permissions manage either a specific solution or the start of the document process for solutions belonging to a specific library. They include Originator and Data Reviewer permissions; please see just below for definitions.
-
Originator: When a Group is added to this permission, the users within that Group can submit new solution documents and/or launch a document process or form process for a given solution. By default, solutions inherit this permission from their library. In addition, Administrators can control this permission for a specific solution.
-
Data Reviewer: When a Group is added to this permission, the users within that Group can participate in the document review process (applicable to Standard Workflow only). If this is a Transaction type solution, the document submit wizard includes these users in the Reviewer list. The document submitter can then select one of the reviewers to review the document.
-
Add library permissions
To manage library permissions, you must have one of the following global roles or be a part of the following permission groups:
- Global Administrator
- App Administrator
To add library permissions:
- Click the Apps menu. Go to the app for which you would like to add library permissions and click the icon in the Actions column.
- Click Configurations and then click the Manage Libraries tab.
- Select the library and click Manage Library Permissions .
- Click Solution Permissions and then select groups for Solution Developer and Solution Reviewer permissions.
- Click Save. You will be notified that the permissions have been added successfully.
- Click Process Permissions and then select groups for Originator and Data Reviewer permissions.
- Click Save. You will be notified that the permissions have been added successfully.
Remove library permissions
- Global Administrator
- App Administrator
To remove library permissions:
- Click the Apps menu. Go to the app for which you would like to remove library permissions and click the icon in the Actions column.
- Click Configurations and then click the Manage Libraries tab.
- Select the library and click Manage Library Permissions .
- Click the library permissions category (Library Solutions or Processes) you need to edit.
- Hover over the group name and click the ‘X’ to delete that group.
- Click Save.
Solutions inherit all permissions of the library they belong to. You can choose to edit the inherited permissions for specific solutions.
- Global Administrator
- App Administrator
Edit/change solution permissions
To edit/change solution permissions:
- Click the Apps menu. Go to the app for which you would like to edit/change solution permissions and click the icon in the Actions column.
- Click Configurations and click on Manage Solutions.
- Select the Library from the libraries window and then select the solution for which you want to edit/change permissions.
- Click the Manage Permissions button. The Manage Solution Permissions page will appear.
- Click the library permission category (Library Solutions or Processes) you wish to edit/change and click Stop Inheriting Permissions.
- When prompted to confirm, click Yes.
- You can opt to delete permission groups by clicking the ‘X’ next to that group. You can also opt to add another group by selecting it from the drop-down list.
- Click Save. You will be notified that the unique permissions for that solution have been updated successfully.