Help

Users and groups

Available with Standard or Advanced license.Available with Workflow Manager license.

Users are key to controlling what functionality is available and how things are carried out by each user as an individual. Users are registered with ArcGIS Workflow Manager for Desktop and associated with a specific Windows login so they can be authenticated automatically. They are used for the following:

  • Allowing/Denying access to the application
  • Retrieving database connection information
  • Controlling access to specific application functionality
  • User-stamping history
  • Assigning work to individuals

You can associate multiple groups with each user. This allows you to associate privileges (that are assigned to groups) with users by combining groups. The following diagram shows how the model allows users to be associated with different sets of privileges by associating them with groups:

Users Groups Privileges
Users and privileges are linked together through User Groups in Workflow Manager.

See the Privileges topic for information about the types of privileges available in the Workflow Manager system.

Configuring users and groups

User store

The Workflow Manager system authenticates who can access the system through their user name. Workflow Manager supports two types of user stores for user and groups—Traditional and Portal.

In the Traditional user store, the users and group are defined in the Workflow Manager Administrator and the users' user name is the Windows login. The users and group roles may be imported from the Active Directory as well, when using traditional user store.

In the Portal user store, the users belong to an ArcGIS Portal or Organization, and the users' user name is as defined in the Portal. The users are managed in the Portal, the user profile cannot be edited, and the users cannot be added or imported from the Active Directory in the Workflow Manager Administrator. The users are assigned to groups in the Workflow Manager Administrator and inherit the privileges based on the Workflow Manager groups.

Working with users

When the Traditional user store is utilized, users can be added and their user profile can be edited from the Workflow Manager Administrator. When the Portal user store is utilized, user profiles cannot be edited; however, the user can be added to the groups on the User Properties dialog box.

  1. Open the Administrator and connect to your Workflow Manager database.
  2. In the Workflow Manager Administrator, browse to the Users folder under Security.

    The Users list shows all the currently configured users. If no users are configured, the list is blank.

  3. Right-click the Users folder and click Add, or right-click an existing user and click Edit.

    The User Properties dialog box appears.

  4. Enter the required information (denoted with an asterisk [*]) with any additional information you want to input.

    User Properties
    Editing user profile

  5. Click the Groups tab.
  6. To add one or more groups, click Add.
  7. Select the groups you want to add from the list shown.

    User Groups
    Users are linked to application privileges through the groups they belong to.

  8. Add users into the Administrator group to grant them the AdministratorAccess privilege.

    This is an added level of protection to your database, ensuring that only users with this privilege can access the database from the Workflow Manager Administrator. All your Workflow Manager users can still access the repository from the client application to manage and execute their jobs.

  9. Click OK.
  10. Click OK again to close the User Properties dialog box and save changes.

Working with groups

User groups are used to categorize users for many reasons—specifically to assign privileges or roles, but also to classify the users for the purposes of assigning work. You may want to assign a current job or step to a group instead of an individual, so it can be carried out by anybody in that group. For example, a quality assurance step should be assigned to the QA/QC group ahead of time. Once that step is reached, users within this group can assign the step to themselves and complete the task.

When a new Workflow Manager database is created using the postinstallation, an Administrator group is created with the AdministratorAccess privilege. A Workflow Manager user is created with the Windows user name of the user running the postinstallation and is added to the Administrator group. In an existing Workflow Manager database being upgraded, the postinstalltion checks whether an Administrator group with the AdministratorAccess privilege exists; if it does not, the postinstallation creates the group and adds the user to the group. If the group already exists, the AdministratorAccess privilege is added to it along with the user.

Adding or editing a user group

You can manage the groups by adding or editing the properties of existing groups within your Workflow Manager system.

  1. Open the Configuration Manager and connect to your Workflow Manager database.
  2. In the Workflow Manager Configuration Manager, navigate to the Groups folder under Security.

    The User Groups list shows all the currently configured groups. If no groups are configured, the list is blank.

  3. Right-click the Groups folder and click Add, or right-click an existing group and click Edit.

    The Group Properties dialog box appears.

  4. Enter the required information, with additional information you want to input.
  5. Click OK to save changes.

Adding users or assigning privileges to the group

Privileges control what you want to allow certain groups and users to do in the Workflow Manager application. These privileges are assigned to groups via that administrator.

  1. On the Group Properties dialog box, navigate to the Users or Privileges tab.
  2. Click Add.
  3. Select the element you want to associate with the group.
  4. Click OK.
  5. Click OK again to close the Group Properties dialog box.

Importing users and groups from an active directory

Import users and groups from the active directory to synchronize the users within the Workflow Manager system and your organization. For example, if a new employee is added to your domain or an existing employee leaves, you can run the Import tool to update the list of users that can access the Workflow Manager application.

Importing users and groups from the active directory creates any new items that do not currently exist, updates the attributes (such as Name, Phone Number, Description) of any items that do exist, and removes any items that no longer exists in the active directory. Additionally, the group memberships for each user is maintained. If your system is set up to authenticate against domains, it only removes users that existed in the current domain. In addition, groups are not removed when authenticating against domains.

    The groups and users should already exist within your organization's domain active directory. In this scenario, WMXUsers and WMXGroups are all AD groups. Andy, Charlotte, and Jason are all active directory users. Within the active directory, membership is configured as shown in the diagram (Technicians is a member of the WMXGroups, Andy is a member of the WMXUsers and Technicians groups, and so forth). When importing into Workflow Manager, the user enters WMXUsers and WMXGroups into the two text boxes on the dialog box. After the import completes, Technicians and Managers are created as Workflow Manager groups, and Andy, Charlotte, and Jason are created as Workflow Manager users. The Workflow Manager group membership are created based on the AD group membership; therefore, in this case, the Andy and Jason Workflow Manager users belong to the Technicians Workflow Manager groups, and Charlotte belongs to the Manager group.
    Active directory users and group structure for Workflow Manager
  1. In the Workflow Manager Configuration Manager, click the Settings > Import/Export > Import Active Directory Configuration menu.

    The Import users/groups dialog box appears.

  2. Enter the required information.
    1. Specify the domain to import from.
    2. Specify a user name and password if the current user is not on the domain.
    3. Specify the active directory user group and group you want to import.

      These must already exist on your domain.

  3. Click Import.

    A message with a summary of the imported users and groups appears.

  4. Click OK to close the message.
  5. Navigate to the users container for verification.

    The list shows the new imported users.

Feedback on this topic?