Assign users to user groups

A user group bundles a set of users. Once a user group is assigned to an object such as an application, component, business capability, etc., it is referred to as the object's authorized user group . The authorized user who creates an object may assign one or more authorized user groups to the object who shall have read/write permissions to the object. The users in an authorized user group have read/write permissions to the objects when they are logged in with a user profile that grants read/write access permissions.

Recommendation:

• Create user groups that are responsible for your company's organizational and business structures. Users that shall access Alfabet with the user profile Portfolio Manager will be able to see all objects in the repository regardless of object authorization. Consider whether you want to set up safeguards so that only a small set of users can edit important business structures such as organizations, business capabilities, or business processes.
• Create user groups for users that are responsible for their areas of expertise. Users that shall access Alfabet with the user profile Portfolio Manager will be able to see all objects in the repository regardless of object authorization. Consider whether their ability to modify the data should be limited to only the objects relevant for their domain of expertise. For example, maybe only a particular set of users should be able to modify assets in the application architecture or the technology architecture, or maybe only some users shall have the capacity to create or change existing projects.

  Note that the user group concept is irrelevant for users accessing Alfabet with the user profile Portfolio Analyst. Although users with this user profile will be able to see all objects in the repository regardless of object authorization, they will have only read-only access permissions and not be able to edit any objects.

• Create user groups for users that are only responsible for data capture activities. Users that shall access Alfabet with the user profiles Application Manager and Technology Manager could be assigned to user groups that only permit them to create and edit the objects that are relevant for their data capture activities. When users access the functionality available for Application Manager and Technology Manager, they will only see the object's associated with the user groups they have been assigned to. Only the objects visible to them can be edited. This ensures that users with data steward responsibilities only have access to objects that are relevant for their tasks and not to objects they are not authorized to see or change.

Create a new user group

1. Go to Account Management < User Group Administration
2. The User Groups explorer displays all existing user groups and subordinate user groups. Any user group may contain an unlimited number of users.
   • Click the root node to create a root-level user group.
   • Click a user group to create a subordinate user group.
3. Click New > Create User Group. Specify a name and enter a description for the user group.

Assign users to a user group

1. Go to Account Management < User Administration.
2. Select a user in the data table and navigate to the profile.
3. Open the User Group Memberships view. Click New > Assign User Groups and select the user groups to assign to the user.