Skip to main content

Applications

Applications in IAM

An application in the Intelligent Application Manager is a combination of a project version, a server and a database that will appear as a standalone application in the user interfaces. A project version can therefore result in several applications on different servers and/or for different databases. Each application has its own authorization and user preferences.

Applications are created by the application administrator. The application manager is responsible for granting users access to those applications, by creating users and user groups and assigning roles for specific applications to those user groups.

1537868299574 Authorization overview

Authorization

Grant a user group access to the application

Roles are distinct tasks or activities within an application. They are often named after the corresponding activity, like Approve hours or Report a ticket.

To grant a user group access to the application, roles need to be assigned to the user group:

menu Authorization > Applications > tab List 

  1. Select an application.

  2. Open tab Authorization.

  3. Select a user group from the list (left).

    A checkbox next to a user group indicates if any roles are assigned to the user group.

  4. In tab Roles > List, press the Assign role Apply roles task for the roles to which this user group needs access.

    Or: use the Apply default authorization Apply default authorization task to add the default user groups and role assignments to this application.

    Detailed information about granted role rights is available in the tab Role rights.

applications_authorization Linking roles to user groups

Inactive roles

When roles or modules are no longer available due to changes in modules, module authorization, or due to synchronization, the existing role assignments and module assignments will become inactive. This allows an administrator to fix mistakes in the configuration, either in IAM or during synchronization. In the example below, a role assignment is highlighted because its role is no longer available:

menu Authorization > Applications > tab Authorization > tab Roles

inactive roles The highlighted role is assigned but no longer available

Apply rights to a database

Tasks are available to apply the required rights to the databases:

menu Authorization > Applications > tab List

Task
Apply user rights Apply user rightsCreates the users and user groups on the application database
Apply user rights to IAM Apply user rights to IAMCreates the users on the IAM database

To be able to apply the rights to an SQL Server database, an application manager who is not a database system administrator needs additional database rights. This can be done using the following code snippet:

use [iam_database]
go

grant alter any user to [login_name]
go

use [application_database]
go

grant alter any user to [login_name]
go

use master
go

grant alter any login to [login_name]
go

Preferences

Hide columns and parameters

It is possible to hide columns, task parameters and report parameters application wide in the application preferences. This therefore applies to all the users in all the user groups.

menu Authorization > Applications > tab Preferences > tab Application preferences