Disponible avec une licence Standard ou Advanced.
Disponible avec une licence Workflow Manager.
Users are key to controlling what functionality is available and how things are carried out by each user as an individual. Users are registered with ArcGIS Workflow Manager for Desktop and associated with a specific Windows login so they can be authenticated automatically. They are used for the following:
- Allowing/Denying access to the application
- Retrieving database connection information
- Controlling access to specific application functionality
- User-stamping history
- Assigning work to individuals
You can associate multiple groups with each user. This allows you to associate privileges (that are assigned to groups) with users by combining groups. The following diagram shows how the model allows users to be associated with different sets of privileges by associating them with groups:
See the Privileges topic for information about the types of privileges available in the Workflow Manager system.
User store
The Workflow Manager system authenticates who can access the system through their user name. Workflow Manager supports two types of user stores for user and groups—Traditional and Portal.
In the Traditional user store, users and groups are defined in the Workflow Manager Administrator and a user's user name is the Windows login. User and group roles can be imported from the Active Directory as well when using the Traditional user store.
In the Portal user store, users belong to an ArcGIS Portal or Organization, and a user's user name is as defined in the Portal. Users are managed in the Portal, user profiles cannot be edited, and users cannot be added or imported from the Active Directory in the Workflow Manager Administrator. Users are assigned to groups in the Workflow Manager Administrator and inherit privileges based on the Workflow Manager groups.
Working with users
When the Traditional user store is used, users can be added and their user profiles can be edited from the Workflow Manager Administrator. When the Portal user store is used, user profiles cannot be edited; however, a user can be added to groups on the User Properties dialog box.
- Open the Administrator and connect to your Workflow Manager database.
- In the Workflow Manager Administrator, browse to the Users folder under Security.
The Users list shows all the currently configured users. If no users are configured, the list is blank.
- To add or edit a user, perform one of the following:.
Add a user to the store
Right-click the Users folder and click Add.
Edit an existing user profile
Right-click an existing user and click Edit.
The User Properties dialog box appears.
- Provide the required information (denoted with an asterisk [*]) and any additional information you want to input.
- Click the Groups tab.
- To add one or more groups, click Add.
- Choose the groups you want to add to the user profile from the list shown.
- Add users to the Administrator group to grant them the AdministratorAccess privilege.
This is an added level of protection to your database, ensuring that only users with this privilege can access the database from the Workflow Manager Administrator. All your Workflow Manager users can still access the repository from the client application to manage and execute their jobs.
- Cliquez sur OK.
- Click OK again to close the User Properties dialog box and save your changes.
Working with groups
User groups are used to categorize users for many reasons—specifically to assign privileges or roles, but also to classify users for the purposes of assigning work. You may want to assign a current job to a group instead of an individual, so it can be carried out by anybody in that group. For example, a quality assurance step should be executed by QA/QC group. The path connecting previous step with quality assurance step can be assigned ahead of time. Once that path is reached, the job is assigned to the QA/QC group and users within this group can assign the step to themselves and complete the task.
When a new Workflow Manager database is created using the Create Workflow Database tool, an Administrator group is created with the AdministratorAccess privilege. A Workflow Manager user is created with the Windows user name of the user running the tool and is added to the Administrator group. In an existing Workflow Manager database being upgraded, the tool checks whether an Administrator group with the AdministratorAccess privilege exists; if it does not, the tool creates the group and adds the user to the group. If the group already exists, the AdministratorAccess privilege is added to it along with the user.
Adding or editing a user group
You can manage groups by adding or editing the properties of existing groups within your Workflow Manager system.
- Open the Configuration Manager and connect to your Workflow Manager database.
- In the Workflow Manager Configuration Manager, browse to the Groups folder under Security.
The User Groups list shows all the currently configured groups. If no groups are configured, the list is blank.
- To add or edit a group, perform one of the following:
Add a group to the store
Right-click the Groups folder and click Add.
Edit an existing group
Right-click an existing group and click Edit.
The Group Properties dialog box appears.
- Provide the required information and any additional information you want to input.
- Click OK to save your changes.
Adding users or assigning privileges to the group
Use privileges to control what certain groups and users can do in the Workflow Manager application. Privileges are assigned to groups via the Workflow Manager Administrator.
- On the Group Properties dialog box, browse to the Users or Privileges tab.
- Click Add.
- Select the element you want to associate with the group.
- Cliquez sur OK.
- Click OK again to close the Group Properties dialog box.
Importing users and groups from an active directory
Import users and groups from the active directory to synchronize users within the Workflow Manager system and your organization. For example, if a new employee is added to your domain or an existing employee leaves, you can run the Import Active Directory Configuration tool to update the list of users that can access the Workflow Manager application.
Importing users and groups from the active directory creates any new users and groups that do not currently exist, updates the attributes (such as Name, Phone Number, Description) of any items that do exist, and removes any item that no longer exists in the active directory. Additionally, group memberships for each user are maintained. If your system is set up to authenticate against domains, it only removes users that existed in the current domain. In addition, groups are not removed when authenticating against domains. Users and groups can be imported from multiple domains when the system setting to Authenticate Users using Domain is enabled as the users and groups are updated for that specific domain.
The groups and users should already exist within your organization's domain active directory. In this scenario, WMXUsers and WMXGroups are all Active Directory groups. Andy, Charlotte, and Jason are all active directory users. Within the active directory, membership is configured as shown in the diagram (Technicians is a member of the WMXGroups, Andy is a member of the WMXUsers and Technicians groups, and so forth). When importing into Workflow Manager, the user enters WMXUsers and WMXGroups into the two text boxes on the dialog box. After the import completes, Technicians and Managers are created as Workflow Manager groups, and Andy, Charlotte, and Jason are created as Workflow Manager users. The Workflow Manager group membership is created based on the active directory group membership; therefore, in this case, the Andy and Jason Workflow Manager users belong to the Technicians Workflow Manager group, and Charlotte belongs to the Managers Workflow Manager group.
- In the Workflow Manager Configuration Manager, click Settings > Import/Export > Import Active Directory Configuration.
The Import users/groups dialog box appears.
- Provide the required information.
- Specify the domain to import from.
- Specify a user name and password if the current user is not on the domain.
- Specify the active directory user group and group you want to import.
These must already exist on your domain.
- Click Import.
A message with a summary of the imported users and groups appears.
- Click OK to close the message.
- Browse to the users container for verification.
The list shows the new imported users.