Workstation Feature: User and Group Management

Product Owner • Strategy

Starting with the release of Strategy ONE (March 2024), dossiers are also known as dashboards.
Best Practices
User and Group Management in Workstation
In 10.10, user and group management became available in Workstation. This feature provides a way to perform privilege control and user management. An administrator can grant security roles to users and groups in different applications. In this case, users can access objects and functionalities specific to the users' business roles.
Value
Like most security architectures, the Strategy security model is built around the concept of a user. A user can perform tasks, such as creating objects or executing reports and documents, and can generally take advantage of all the other features of the Strategy platform. A user group is a collection of users, and these groups may be assigned privileges and permissions to interact with objects. User groups provide a convenient way to manage a large number of users. The Everyone group provides an easy way to assign privileges, security roles and membership to all users. With this functionality, Workstation is a one-stop-shop for user and security access management for your administrative needs.
Architecture
Users and user groups are server objects, not project objects. When you create a new user, the user automatically belongs to the Everyone group. The Everyone Group only contains users and does not contain user groups. Everyone group is a root user group. You can also define other root user groups besides Everyone group. No user is allowed to be at root level. Each group (except for Everyone) can contain users and groups. A user or a user group can belong to different groups.

For example, in the graph below. Everyone, Group A and Group C are root user groups. As mentioned before, there are no users at root level. User A and Group B are children of Group A and Group C. Notice that a group cannot be a child of its own children. For example, Group B belongs to Group A, so you cannot set Group A to be a child of Group B. If you try to do so, you will see an error (the check will be done from the server side). Since Group B and User A are children of Group A and Group C, they have all privileges granted to Group A and Group C.

Out-of-the-Box Security Roles
When user creates a new user or a user group, they assign some security roles to the user or group. Security roles are sets of privileges defined by you. In Workstation, five new security roles are available out-of-the-box (OOTB). Listed below are the new security roles and their descriptions.

Application Administrator - Users granted this role have access to all application specific tasks.
Analyst - Users granted this role have authoring capabilities.
Certifier - Users granted this role can certify objects in addition to the authoring capabilities.
Collaborator - Users granted this role can view and collaborate on a dossier or document for which they have access.
Consumer - Users granted this role can only view a dossier or document for which they have access.

For more information, see "Security Role Assignment" in the Relevant Links section.
In All Users and All User Groups you can scroll down to view all users and user groups and check their Accessible Applications by hover over the property. Security roles for each project are shown when you hover over the Accessible Applications property for the user or group. For more information on a user or group, click that property.

When you scroll down to view users and user groups, the Accessible Applications property for the users might not be shown instantly. Workstation fetches the information from the server dynamically.

Requirements

Detailed logs. Might create multiple large log files.
1st Response Time2nd Response Time3rd Response TimeWithout Subset Report Caching163 seconds53 seconds53 secondsWith Subset Report Cachine166 seconds35 seconds34 seconds 1st Peak Growth of RSS Memory 2nd Peak Growth of RSS Memory 3rd Peak Growth of RSS Memory Without Subset Report Caching4845 MB2457 MB104 MBWith Subset Report Cachine4161 MB9 MB90 MB Average Response TimeMinimum Response TimeWithout Subset Report Caching146 seconds84 secondsWith Subset Report Caching62 seconds44 seconds Growth of RSS MemoryWithout Subset Report Caching41438 MBWith Subset Report Caching19885 MBStateProfitNorth Carolina91,234Virginia82,341South Carolina68,293Georgia72,348Florida58,934BuildPrivilegesPermissionsEnvironmentConfiguration10.10 or later(In Web/Developer) Create and Edit Users and Groups privilege is required.In Web/Developer - Create and Edit Users and Groups privilege is required.
In Workstation - Manage Users privilege is requiredNoneNone

Action Steps
To create a new user and assign security roles

Connect to an environment and log in as a user who has the Manage Users privilege.
Click Add > Create User.
Under Basic Information, fill out all information needed.
Under Member Of, you can add groups the user belongs to. Notice that each user belongs to the Everyone group by default.
Under Application Access & Roles, you can set roles of the user for each application.
Click Create. A page appears showing the new user
Click Done.
Click the Users and Groups tab, then go into the users and groups management page.
Click All Users. You can find the user you've just created.
Hover over Accessible Applications. You can check the applications they can access and their security roles.
Click All User Groups and expand the Everyone group. You will find the user is in that group

To Create a New User Group and Assign Security Roles

Click Add >Create User Group.
Under Properties, fill out all information needed.
Under Members, you can add users or other groups to this group.
Under Member Of, you can add groups the group belongs to.
Under Application Access & Roles, you can set roles of the group for each application.
Click Create. A page appears showing the new user.
Click Done.
Go into the User and Group Management page.
Click All User Groups. You can find the newly created group under the groups it belongs to. You can also double-click the group to check its members.

To Delete a User

Select the user you want to delete, right-click the user, then click Delete. A pop-up window appears, asking "Are you sure you want to continue?".
Click Delete. A progress bar of the deleting process appears. Once the deletion is done, you will not see the user in All Users anymore.

To Delete an Existing User Group

Select the user group you want to delete, right-click the user, then click Delete. A pop-up window appears asking "Are you sure you want to continue?".
Click Delete. A progress bar of the deleting process appears. Once the deletion is done you will not see the user group in All User Groups anymore.

To Edit Properties and Information of a User

Double-click the user you want to edit. The information window of that user appears. Here you can change information in Properties, Member Of, and the Application Access & Roles.
Click Save. The information window disappears.

Editing properties and information of a user group.

Double-click the user group you want to edit. The information window of that user group appears. Here you can change information in Properties, Members, Member Of, and the Application Access & Roles.
Click Save. The information window disappears.

Relevant Links
Security Role Assignment (Workstation online help)

Comment

0 comments

Details

Knowledge Article

Published:

December 11, 2018

Last Updated:

March 21, 2024