User Security Management - Fusion - Match_and_Merge

Warning: When you are developing applications, defining sources, and granting user privileges, remember that security settings are not visible in the EnterWorks UI when applications are configured and enabled for end users. Consider defining separate Fusion users, implementing a naming convention, or using some other system that controls access or indicates the privileges granted to users when they are allowed to view or run applications and their sub-objects.

There are two types of users: regular users and administrators. Administrators are allowed to perform all actions on all objects, therefore their privileges are never checked. Regular users are allowed to perform only actions for which they have been granted privileges, and can only perform those actions on objects for which they have been granted privileges.

There are two types of user privileges:

System privileges: System privileges control what actions a user may perform, for example, the ability to create an application.
Object privileges: Object privileges control which actions a user can perform on which objects.

Objects can contain sub-objects. For example, an application's sub-objects include sources and scenarios. Sub-objects inherit privileges granted to the parent object. For example, if you grant a user the ability to edit an application, the user can also edit any of the application's sub-objects.

You can grant less restrictive privileges for a sub-object than you granted for the parent object. For example, if you grant a user the ability view an application, you can allow them to edit the application's scenarios. You cannot make privileges for a sub-object more restrictive than those on its parent object. If you grant a user the ability to edit an application and do not grant the user the ability to edit the application's sources, the user will still be able to edit the sources.

Fusion user security is managed on the Users & Privileges page.

View a User's Existing Privileges

To view a user's existing privileges, on the Users & Privileges page, click the triangle to the left of the user's name. The user's Privileges editor will open.

The top row of the Privileges editor holds the Grant button. This button opens the dialog for granting user system and object privileges. (See Grant User Privileges.)

Beneath the top row are columns that list objects and sub-objects for which the user has already been granted permissions and the permissions they have been granted.

At the top of each column is a filter box. If you type text into a filter box, a dropdown will appear that allows you to select values that may appear in the list below. If you select a value, the privileges will be filtered to display only those privileges that meet the filter criteria. To clear a filter, click the button.

Grant or Edit User Privileges

To grant or edit a user's privileges:

In the Users & Privileges page, click the triangle to the left of the desired user's name. The Privilege editor for that user will appear.
Open the appropriate Privileges dialog:
- To grant the user new privileges, click the Grant button at the top of the Privileges editor to open the Grant Privileges dialog.
- To edit existing privileges, click the Edit Privileges button to the right of the privilege you want to edit. The Edit Privileges dialog will appear.
The specified Privileges dialog will open:
- Privilege id: (In the Edit Privileges dialog only.) This is for informational purposes and cannot be edited.
- User: This field is pre-populated with the user's name and it cannot be edited.
- Object: The object that privileges will be granted for:
  - system: If you select system:
    - Subobject: This will be empty.
    - Privilege:
      - create-app: Grant the user the ability to create applications.
  - any app:
    - Subobject: Select the sub-object you want to grant permissions for. The sub-objects will be apper as <sub-object-type>: *. The * means that the privileges granted will be for all sub-objects of that type.
    - Privilege:
      - list: This gives the user the ability to view a list of all objects and the specified types of sub-objects.
      - view: This gives the user the ability to view the contents of all objects and the specified types of sub-objects.
      - edit: This gives the user the ability to edit all objects and the specified types of sub-objects.
      - any: This give the user all privileges for all objects and sub-objects.
  - app: <application-name>:
    - Subobject: Select the sub-object you want to grant permissions for. The sub-objects will be appear as:
      - <sub-object-type>: *: The * means that the privileges granted will be for all sub-objects of that type.
      - <sub-object-type>: <sub-object-name>: Privileges will be granted for that sub-object only.
    - Privilege:
      - list: This gives the user the ability to view a list of the specified sub-objects in the specified object.
      - view: This gives the user the ability to view the contents of the specified sub-objects in the specified object.
      - edit: This gives the user the ability to edit the specified sub-objects in the specified object.
      - any: This give the user all privileges for the specified sub-objects in the specified object.
When you are finished the editing the user's privileges, click the Submit button.

Revoke a User's Privileges

To revoke a user's privilege:

In the Users & Privileges page, click the triangle to the left of the desired user's name. The Privilege editor for that user will appear.
Click the Revoke button on the row containing the privilege you want to revoke. The privilege will be removed.

User Security Management - Fusion - Match_and_Merge - 3.1

EnterWorks Fusion

View a User's Existing Privileges

Grant or Edit User Privileges

Revoke a User's Privileges