Topic
Prev Next

Maintain Groups

Whilst you can apply access permissions to each user individually, it is easier and more convenient to assign all users with the same access permission(s) to a security group, and assign the permissions to all the members of that group in a single action.

The security group also acts as a mailbox for Model Mail, where the group name can be selected as the addressee; when an internal mail is sent to the group, all members of the group receive that email in their Model Mail view. The group name can act as either:

  • A mail list, in which case each group member receives their own copy of the message, or
  • A mail box, in which case the email is a single entity and the group members do not receive separate instances of it; if one group member responds to or deletes the email, the other group members see that action as if they had performed it themselves

Access

Ribbon

Configure > Security > Groups

Menu

Project | Security | Manage Groups

Set up a security group

Field/Button

Action

See also

New

Click on this button to clear the fields ready to define a new group.

Group Name

Type the security group name.

Description

Type a description of the group.

Save

Click on this button to save the group definition and add it to the Groups list.

Link to Active Directory

Select this checkbox to enable linking to a Windows Active Directory Group from which to import users. The 'Select Group' dialog displays on which you specify the Windows Active Directory Group to attach to. You then start importing the users when you click on the Sync button.

You must have 'Accept Active Directory Authentication' permission in Windows to link to the Active Directory; an error message displays if you do not have this.

Shared Mail

To make the group name act as a mail box, select this checkbox against the name in the list.

To use the group name as a mail list, leave the checkbox unselected.

Model Mail

Active Directory Link

Displays the address of the Active Directory Group that this user group is linked to, if any.

Sync

Enabled if the group is linked to a Windows Active Directory. Click on this button to synchronize the group with the Active Directory (that is, import specific users into the model from the Active Directory). You use this option when you initially set up the User Group; subsequent user IDs must be added to the user group manually.

Permissions

Lists the permissions that can be assigned to the user group. Select the checkbox against each permission the members of the group are to have.

Users

After you add users to the user group, they are listed in this panel.

Maintain Users

Close

Click on this button to close the dialog.

Notes

  • You must have 'Security - Manage Users' permission to manage user groups; the initial Admin administrator and Administrators group automatically have this permission
  • You do not define groups as group logins with passwords; if you intend to use a group login, you can define a single-user login and password that all group members use (that is, Enterprise Architect allows multiple logins under one user ID)
  • Users that have been imported from an Active Directory are listed in the 'Manage Users' dialog'; if the 'Accept Windows Authentication' option is enabled on that dialog, when a user opens the model the system checks the database for their Windows ID and, if it matches, automatically logs the user in without prompting for a password
  • Emails already sent to a group as a mail list and those sent to a group as a mailbox cannot be interchanged; if you change the status of the 'Shared Mail' checkbox, the only way to change the distribution of past emails is to forward them to the group name again
  • You can subsequently edit the group name; changes are automatically reflected in the internal Model Mail mail list or mail box

Learn more