Understand access permissions

Alfabet ensures that the right people will see the right information at the right time. The following section explains the concepts behind what users can see and do in Alfabet.

• User profile: The user profile determines the set of functionality and views that a user can see as well as whether they have read-only vs. read/write permissions to the assets they see in Alfabet.

  asset

  An asset is a term that refers to an IT artifact such as an application, business capability, component, etc. captured in the data repository. In the technical sense, assets are objects based on object classes.

• Authorized user: The authorized user is typically the user who creates the asset in Alfabet. The authorized user has read-write permissions to their assets.
• Authorized user group: One or more authorized user groups can be specified for each asset. All users belonging to the authorized user group have the same access permissions as an authorized user.
• Role: A role describes the functional relationship that a user or organization has for an object. A person assigned a role for an asset will not have read/write permissions based on the role definition. The role is primarily for documentation purposes to provide information about stakeholders interested or responsible for the asset.

The ability for a user to create a new asset such as an application, component, business capability, etc. in the repository or edit the existing assets is managed via several rules in Alfabet. An asset can only be edited if three requirements are fulfilled:

• The user accesses Alfabet with a user profile that provides read/write permissions.

  user profile

  A user profile determines the preconfigured set of functionalities and views in Alfabet. Every user must have at least one user profile to log in. The user profile will grant either read-only or read/write permissions to the objects that are visible to the user.

• The user is granted authorization to the asset because they are the authorized user of the asset or a member of an authorized user group that is specified for the asset.

  authorized user

  An authorized user has primary responsibility to maintain the data for an object. Typically this is the user that has created the object. The authorized user as well as members of authorized user groups have write permissions to objects they are responsible for.

  authorized user group

  An authorized user group is a set of users that have been granted write permissions to an object. More than one authorized user group may be specified for an object.

  If no authorized user or authorized user group is specified for an asset, all users will have read/write permissions to it.

• The asset has a release status that allows it to be edited. For example, an asset with a retired or sundowned release status can no longer be changed.

  release status

  A release status describes the state of approval or agreement about an object in the enterprise. For example, the release status of an application might be Draft, Described, Reviewed, Approved,Rejected, or Retired. Release statuses may determine whether an object can be edited. For example, an application with a release status set to Approved cannot be deleted.