Available with Standard or Advanced license.Available with Workflow Manager license.
Users are key to controlling what functionality is available and how things are carried out by each user as an individual. Users are registered with ArcGIS Workflow Manager for Desktop and associated with a specific Windows login so they can be authenticated automatically. They are used for the following:
- Allowing/Denying access to the application
- Retrieving database connection information
- Controlling access to specific application functionality
- User-stamping history
- Assigning work to individuals
You can associate multiple groups with each user. This allows you to associate privileges (that are assigned to groups) with users by combining groups. The following diagram shows how the model allows users to be associated with different sets of privileges by associating them with groups:
See the Privileges topic for information about the types of privileges available in the Workflow Manager system.
Configuring users and groups
The Workflow Manager system authenticates who can access the system through their user name. Workflow Manager supports two types of user stores for user and groups—Traditional and Portal.
In the Traditional user store, the users and group are defined in the Workflow Manager Administrator and the users' user name is the Windows login. The users and group roles may be imported from the Active Directory as well, when using traditional user store.
In the Portal user store, the users belong to an ArcGIS Portal or Organization, and the users' user name is as defined in the Portal. The users are managed in the Portal, the user profile cannot be edited, and the users cannot be added or imported from the Active Directory in the Workflow Manager Administrator. The users are assigned to groups in the Workflow Manager Administrator and inherit the privileges based on the Workflow Manager groups.
Working with users
When the Traditional user store is utilized, users can be added and their user profile can be edited from the Workflow Manager Administrator. When the Portal user store is utilized, user profiles cannot be edited; however, the user can be added to the groups on the User Properties dialog box.
- Open the Administrator and connect to your Workflow Manager database.
- In the Workflow Manager Administrator, browse to the Users folder under Security.
The Users list shows all the currently configured users. If no users are configured, the list is blank.
- Right-click the Users folder and click Add, or right-click an existing user and click Edit.
The User Properties dialog box appears.
- Enter the required information (denoted with an asterisk [*]) with any additional information you want to input.
- Click the Groups tab.
- To add one or more groups, click Add.
- Select the groups you want to add from the list shown.
- Add users into the Administrator group to grant them the AdministratorAccess privilege.
This is an added level of protection to your database, ensuring that only users with this privilege can access the database from the Workflow Manager Administrator. All your Workflow Manager users can still access the repository from the client application to manage and execute their jobs.
- Click OK.
- Click OK again to close the User Properties dialog box and save changes.
Working with groups
User groups are used to categorize users for many reasons—specifically to assign privileges or roles, but also to classify the users for the purposes of assigning work. You may want to assign a current job or step to a group instead of an individual, so it can be carried out by anybody in that group. For example, a quality assurance step should be assigned to the QA/QC group ahead of time. Once that step is reached, users within this group can assign the step to themselves and complete the task.
When a new Workflow Manager database is created using the postinstallation, an Administrator group is created with the AdministratorAccess privilege. A Workflow Manager user is created with the Windows user name of the user running the postinstallation and is added to the Administrator group. In an existing Workflow Manager database being upgraded, the postinstalltion checks whether an Administrator group with the AdministratorAccess privilege exists; if it does not, the postinstallation creates the group and adds the user to the group. If the group already exists, the AdministratorAccess privilege is added to it along with the user.
Adding or editing a user group
You can manage the groups by adding or editing the properties of existing groups within your Workflow Manager system.
- Open the Configuration Manager and connect to your Workflow Manager database.
- In the Workflow Manager Configuration Manager, navigate to the Groups folder under Security.
The User Groups list shows all the currently configured groups. If no groups are configured, the list is blank.
- Right-click the Groups folder and click Add, or right-click an existing group and click Edit.
The Group Properties dialog box appears.
- Enter the required information, with additional information you want to input.
- Click OK to save changes.
Adding users or assigning privileges to the group
Privileges control what you want to allow certain groups and users to do in the Workflow Manager application. These privileges are assigned to groups via that administrator.
- On the Group Properties dialog box, navigate to the Users or Privileges tab.
- Click Add.
- Select the element you want to associate with the group.
- Click OK.
- Click OK again to close the Group Properties dialog box.
Importing users and groups from an active directory
Import users and groups from the active directory to synchronize the users within the Workflow Manager system and your organization. For example, if a new employee is added to your domain or an existing employee leaves, you can run the Import tool to update the list of users that can access the Workflow Manager application.
Importing users and groups from the active directory creates any new items that do not currently exist, updates the attributes (such as Name, Phone Number, Description) of any items that do exist, and removes any items that no longer exists in the active directory. Additionally, the group memberships for each user is maintained. If your system is set up to authenticate against domains, it only removes users that existed in the current domain. In addition, groups are not removed when authenticating against domains.
- In the Workflow Manager Configuration Manager, click the Settings > Import/Export > Import Active Directory Configuration menu.
The Import users/groups dialog box appears.
- Enter the required information.
- Specify the domain to import from.
- Specify a user name and password if the current user is not on the domain.
- Specify the active directory user group and group you want to import.
These must already exist on your domain.
- Click Import.
A message with a summary of the imported users and groups appears.
- Click OK to close the message.
- Navigate to the users container for verification.
The list shows the new imported users.