Applications
Applications in IAM
An application in the Intelligent Application Manager is a combination of a project version, a server and a database that will appear as a standalone application in the user interfaces. A project version can therefore result in several applications on different servers and/or for different databases. Each application has its own authorization and user preferences.
Applications are created by the application administrator. The application manager is responsible for granting users access to those applications, by creating users and user groups and assigning roles for specific applications to those user groups.
Authorization overview
Authorization
Grant a user group access to the application
Roles are distinct tasks or activities within an application. They are often named after the corresponding activity, like Approve hours or Report a ticket.
To grant a user group access to the application, roles need to be assigned to the user group:
***menu Authorization > Applications > tab List ***
-
Select an application.
-
Open tab Authorization.
-
Select a user group from the list (left).
A checkbox next to a user group indicates if any roles are assigned to the user group.
-
In tab Roles > List, press the Assign role
task for the roles to which this user group needs access.Or: use the Apply default authorization
task to add the default user groups and role assignments to this application.Detailed information about granted role rights is available in the tab Role rights.
Linking roles to user groups
Inactive roles
When roles or modules are no longer available due to changes in modules, module authorization, or due to synchronization, the existing role assignments and module assignments will become inactive. This allows an administrator to fix mistakes in the configuration, either in IAM or during synchronization. In the example below, a role assignment is highlighted because its role is no longer available:
menu Authorization > Applications > tab Authorization > tab Roles
The highlighted role is assigned but no longer available
Apply rights to a database
Tasks are available to apply the required rights to the databases:
menu Authorization > Applications > tab List
| Task | |
|---|---|
 Apply user rights | Creates the users and user groups on the application database |
 Apply user rights to IAM | Creates the users on the IAM database |
To be able to apply the rights to an SQL Server database, an application manager who is not a database system administrator needs additional database rights. This can be done using the following code snippet:
use [iam_database]
go
grant alter any user to [login_name]
go
use [application_database]
go
grant alter any user to [login_name]
go
use master
go
grant alter any login to [login_name]
go
Preferences
Hide columns and parameters
It is possible to hide columns, task parameters and report parameters application wide in the application preferences. This therefore applies to all the users in all the user groups.
menu Authorization > Applications > tab Preferences > tab Application preferences
