Manage users and access permissions

Alfabet ensures that the right people will see the right information at the right time. You can create and manage user accounts and assign the users to user groups and user profiles.

User profiles are the entry point to Alfabet. Every user must access Alfabet with a user profile that has been assigned by the user administrator. Users may have more than one user profile depending on their responsibilities. The user profile will determine the set of functionality and views that a user can see as well as whether they have read-only vs. read/write permissions to the objects they see. The following preconfigured user profiles are available:

• The Portfolio Admin user profile is for superusers who are responsible to complete administrative tasks. They have exclusive access to views that are required for user and account management, data import, administrative jobs, and configuration and have read/write permissions to all data in the repository regardless of object authorization.
• The Portfolio Manager user profile is for users who are responsible to input, maintain and analyze data relevant for IT portfolio management. Users can view all assets in the repository and have read/write permissions to all assets that they have authorized access to via the authorized user or authorized user group definition.

  authorized user

  An authorized user has primary responsibility to maintain the data for an object. Typically this is the user that has created the object. The authorized user as well as members of authorized user groups have write permissions to objects they are responsible for.

  authorized user group

  An authorized user group is a set of users that have been granted write permissions to an object. More than one authorized user group may be specified for an object.

• The Application Manager user profile is for users who are responsible for capturing and maintaining data relevant for application portfolio management.
• The Technology Manager user profile. is for users who are responsible for capturing and maintaining data relevant for technology portfolio management.
• The Portfolio Analyst user profile is for users who are interested in seeing up-to-date analytics about the IT portfolio in order to understand the most business-relevant questions and make informed strategic decisions. Users can view all business questions and have read-only access permissions to all assets in the repository.
• The Resource Manager user profile is for users that are responsible for maintaining the data relevant offered and requested resources in order to manage the availability and consumption of skills by organizations, teams, and projects.
• The Team Member user profile allows users who are specified to provide skills and resources to manage those tasks and their timesheets.

About permissions to work with data:

The ability for a user to create a new asset such as an application, component, business capability, etc. in the repository or edit the existing assets is managed via several rules in Alfabet. An asset can only be edited if three requirements are fulfilled:

• The user accesses Alfabet with a user profile that provides read/write permissions.

  user profile

  A user profile determines the preconfigured set of functionalities and views in Alfabet. Every user must have at least one user profile to log in. The user profile will grant either read-only or read/write permissions to the objects that are visible to the user.

• The user is granted authorization to the asset because they are the authorized user of the asset or a member of an authorized user group that is specified for the asset.

  authorized user

  An authorized user has primary responsibility to maintain the data for an object. Typically this is the user that has created the object. The authorized user as well as members of authorized user groups have write permissions to objects they are responsible for.

  authorized user group

  An authorized user group is a set of users that have been granted write permissions to an object. More than one authorized user group may be specified for an object.

  If no authorized user or authorized user group is specified for an asset, all users will have read/write permissions to it.

• The asset has a release status that allows it to be edited. For example, an asset with a retired or sundowned release status can no longer be changed.

  release status

  A release status describes the state of approval or agreement about an object in the enterprise. For example, the release status of an application might be Draft, Described, Reviewed, Approved,Rejected, or Retired. Release statuses may determine whether an object can be edited. For example, an application with a release status set to Approved cannot be deleted.