Permissions on the package
- Permissions to parts of the repository
- Default settings
- User/group role specifications
- Owner
- Setting permissions on package
- Authorization if the user is a member of two groups with different permissions
Permissions to parts of the repository
EA Information Portal supports a permission system at the package level (repository browser tree branches), both for reading and (since version 7.5) for writing.
It is therefore possible to restrict the reading of parts of the model to specific groups or users. This functionality is not available in Enterprise Architect itself.
It is therefore possible to restrict access of certain users to (for example) specific projects, sensitive processes, risk analyses, strategic business models, etc.
This feature fundamentally supports the effort to have all models in one repository.
Permissions can be set for groups and users.
Permissions are applied hierarchically from the package they are set on down.
Default settings
EA Infoport supports a permission system at the package level (repository browser tree branches), both for reading and (since version 7.5) for writing.
Thus, it is possible to restrict the reading of parts of the model to certain groups or users.
It is thus possible to restrict access of certain users to (for example) specific projects, sensitive processes, risk analyses, strategic business models, etc.
If there is no default setting, i.e. the setting is taken from the parent root package, then the repository is not visible by default, or reading is not allowed.
Permissions can be set for groups and users, via the "Permissions" button.
The rights are applied hierarchically from the package on which they are set downwards.
EA Infoport allows you to disable/allow users or groups from accessing different packages by default using the following button:
Without default settings
Reading is enabled by default
Reading is disabled by default
User/group role specifications
If the default settings are not enough and we need to specify a range of other users, it is possible to specify roles and access directly on the user or group.
The table below shows the legality of the powers:
|
Role |
read |
edit |
delete |
reviewed |
|
Reader |
✔ |
x |
x |
x |
|
Editor |
✔ |
✔ |
x |
✔ |
|
Permission Delete |
✔ |
x |
✔ |
x |
|
Reviewer |
✔ |
x |
x |
✔ |
|
Owner |
✔ |
✔ |
✔ |
✔ |
Owner
The EA Information Portal supports a package-level permission system (repository browser tree branches), both read and (as of version 7.5) write.
It is therefore possible to restrict the reading of parts of the model to specific groups or users. This functionality is not available in Enterprise Architect itself.
It is therefore possible to restrict access of certain users to (for example) specific projects, sensitive processes, risk analyses, strategic business models, etc.
The rights are applied hierarchically from the package on which they are set downwards.
In this context, a new role is introduced in EA Infoport - the owner of a process part. This role will be able to assign read, write (and other) rights to the parts of the model it owns (tree branches). The owner can be users or groups. This role is introduced so that the repository administrator (admin) does not have to set all read and write permissions.
Example of use
- Restricting access of external contractors working on a common project. Everyone can only see what they are allowed to see.
- In case of termination of cooperation with a contractor, it is sufficient to terminate access through the EA Information Portal.
Permissions on the package
Setting permissions on package
The permission settings on package are shown in the table below:
| Parent | Default | Group | Personal | Result |
| no | - | - | - | no |
| no | no | - | - | no |
| no | yes | - | - | yes |
| no | x | - | no | no |
| no | x | - | yes | yes |
| no | x | no | - | no |
| no | x | yes | - | yes |
| no | x | no | no | no |
| no | x | no | yes | yes |
| no | x | yes | no (not possible)** | yes |
| no | x | yes | yes | yes |
| yes | - | - | - | yes |
| yes | no | - | - | no |
| yes | yes | - | - | yes |
| yes | x | - | no | no |
| yes | x | - | yes | yes |
| yes | x | no | - | no |
| yes | x | yes | - | yes |
| yes | x | no | no | no |
| yes | x | no | ano (not possible)** | no |
| yes | x | yes | no | no |
| yes | x | yes | yes | yes |
* If you set permissions on a group, the settings are automatically checked on the user who is a member of the group.
- not specified
x value does not matter
If there is no default setting i.e. the setting is taken from the parent root package, the repository is not visible by default, or reading is not allowed.
Authorization if the user is a member of two groups with different permissions
| Package default | Group A - Manager | Group B - basic | Result |
| Without settings* | Without settings* | Without settings* | Disabled |
| Enabled | Without settings* | Without settings* | Enabled |
| Disabled | Without settings* | Without settings* | Disabled |
| Enabled | Enabled | Enabled | Enabled |
| Disabled | Disabled | Disabled | Disabled |
| Enabled | Enabled | Disabled | Disabled |
| Disabled | Enabled | Disabled | Disabled |
*only for new "root" in other cases the settings are inherited from a higher package
Correction if the user is a member of two groups with different permissions and also has individual settings
| Package default | Group A - Manager | Group B - basic | Result | Individual settings | Result |
| Without settings* | Without settings* | Without settings* | Disabled | Enabled | Enabled |
| Enabled | Without settings* | Without settings* | Enabled | Disabled | Disabled |
| Disabled | Without settings* | Without settings* | Disabled | Enabled | Enabled |
| Enabled | Enabled | Enabled | Enabled | Disabled | Disabled |
| Disabled | Disabled | Disabled | Disabled | Enabled | Enabled |
| Enabled | Enabled | Disabled | Disabled | cannot be allowed** | Disabled |
| Disabled | Enabled | Disabled | Disabled | cannot be allowed** | Enabled |
** the message successfully removed/added but settings are not saved, group settings cannot be overridden