Skip to end of metadata
Go to start of metadata

Different roles can be distinguished for users collaborating on model packages and projects in Enterprise Studio, working with HoriZZon, and working on the Team Server administration (users, groups, and packages) in HoriZZon. A role determines the user's permissions, and also which information in HoriZZon is visible to the user. Roles can be linked to individual users and to groups of users. A user or group can be assigned a single role, but also multiple roles.


On this page:


Types of roles

The following roles can be distinguished: Consumer, Contributor, Designer, Lead Designer, Administrator, and System Administrator. There is a dependency between the Designer and Lead Designer role, and between the Administrator and System Administrator role. A user who has the Lead Designer role, automatically also has the Designer role. A user who has the System Administrator role automatically also has the Administrator role. The Contributor role stands in its own. The Consumer role is the minimum required role for access to HoriZZon. A user who has the Contributor, Designer or Lead Designer role, automatically has the Consumer role.

Globally the roles offer the permissions as shown below. If a user is not assigned any of these roles, the user only has access to his or her personal details page.

The System Administrator role is not available in a hosted Team Server. This means that the Team Server administration settings are not available in a hosted Team Server, except the license information page. It is accessible for Administrator users.

Role

Location

Consumer

HoriZZon:

  • View sites that have been shared with him or her.
  • Inspect objects and relations in a site.
  • Explore object relations in a site.
  • Set views and properties as favorite.
  • Generate viewpoints on views.
  • View dashboards that have been shared with him or her.
  • Start workflow requests based on the default workflow.
  • View self-defined information in sites (online editing).
Contributor

A Contributor has the permissions of a Consumer, plus the following.

HoriZZon:

  • Perform workflow tasks.
  • Terminate own workflow requests.
  • Start workflow requests based on custom workflows.
  • Add and edit self-defined information in sites (online editing).

Designer
 
 

A Designer has the permissions of a Consumer, plus the following.

Enterprise Studio:

  • Track progress of model packages
  • Share model packages and projects he or she is are contributing to with others, and set access permissions.
  • Contribute to shared model packages and projects the user is invited to.
  • Commit own contributions.
  • Apply contributions from a project to its master model package (if invited to both).
  • Update a project with contributions from its master model package (if invited to both).
  • Create custom workflows (definitions).
  • Create document definitions (online editing).

Team Server:

  • Invite users and groups to model packages and projects he or she is contributing to, and set access permissions.
  • Manage access to model packages and projects he or she is contributing to.
  • View all model packages and projects he or she is invited to.
  • Remove own claims on model packages he or she is contributing to.
  • View all users and groups.
  • Edit own user name on the user page.
  • Revoke own invitations to model packages and projects he or she is contributing to.

HoriZZon:

  • Start workflow requests based on custom workflows.

Lead Designer

A Lead Designer has the permissions of a Designer, plus the following.

Enterprise Studio:

  • Create model packages and projects and save them on the Team Server.
  • Open and edit metamodels in the Metamodeler.
  • Migrate model packages to a new configuration.
  • Upload custom workflows (definitions) to HoriZZon.

HoriZZon:

  • Create sites.
  • Edit and delete own sites.
  • Edit and delete other users' sites, if invited to the model package or project the site is based on.
  • Edit and delete workflows.
  • Add and share dashboards.

Administrator

Team Server:

  • View all users, groups, model packages and projects available in the Team Server.
  • Add users and groups.
  • Edit user, group, model package and project info (name, description, e-mail address).
  • Invite users and groups to model packages and projects, and set access permissions.
  • Manage access to model packages and projects.
  • Revoke invitations to model packages and projects for users and groups.
  • Remove users and groups.
  • Remove model packages and projects.
  • Remove claims on model packages of any user.
  • View license settings.
  • Add API clients.

HoriZZon:

  • Terminate workflow requests (all requests).
  • Manage workflows (edit, delete).
  • End other users' Enterprise Studio Online session.

System Administrator

A System Administrator has the permissions of an Administrator, plus the following: 

Team Server:

  • Edit Team Server identification details.
  • Edit Team Server e-mail configuration.
  • Activate license and view license settings.
  • Configure user authentication and single sign-on with LDAP, Azure AD, or another organizational account.
  • View the Team Server audit log.

Role assignment

The roles of a user or group are shown in the Info section on the overview page of the user or group. An icon next to a role indicates whether the role is assigned  or not . The role assignment of an individual user also indicates whether the role has been assigned directly to the user or via one or more groups, or both.



Roles can be assigned via the User or Group section on the manage page of the user or group, by selecting the checkboxes next to the roles. Roles can only be assigned by Administrator or System Administrator users.

The System Administrator role can only be assigned by a user with the System Administrator role, it is not available for an Administrator user.

Individual permissions versus group permissions

Role(s) assigned directly to a user give the user individual permissions. If groups have been defined, role(s) assigned to a group give all users in that group these permissions. The participation of a user in a group may result in different combinations of permissions for the user. Not only the user's individual permissions are shown, but also the permissions inherited from the group(s) the user is part of.

If you click the "via groups" link next to a role, the groups are shown. Clicking a group will open the group page.



Example 1

A user has directly been assigned the Designer role. The user is also part of a group that has been assigned the Lead Designer role. The user's permissions will look as follows:



Since the user's role inherited from the group includes more permissions than the individually assigned role, the user also has the permissions from the Lead Designer role. The Consumer role automatically comes with the assigned Designer role and Lead Designer role.

Example 2

A user has individually been assigned the Lead Designer role. The user is also part of a group that has the Designer role. In this situation, the individual permissions overrule the group permissions. The Consumer role automatically comes with the assigned Designer role and Lead Designer role. The user's permissions will look as follows:


Example 3

A user has individually been assigned the Administrator role. The user is also part of a group that has the Consumer role. The user's permissions will look as follows:



Since the user's individual role has other types of permissions than obtained via the group, the user not only has Administrator permissions, but also Consumers permissions.

User roles and inviting people for model packages and projects

Only users with the Lead Designer or Designer role can contribute to model packages and projects they have been invited to in Enterprise Studio. If there is no limitation set on inviting people, any person can be invited. If the invitee is an existing user or group without a designer role, this user or group will automatically be assigned the Designer role. If the invited person is new and does not yet exist in the Team Server administration, this person will also automatically be assigned the Designer role once he or she has registered with the Team Server.

If inviting users is limited to only existing users and groups, it is not possible to invite users who do not have the Lead Designer or Designer role. They must already have this role to be invited.

User roles and license seats

The different user roles are related to the seats from your Enterprise Studio license. Different roles take different license seats. The number and type of seats in your license determine which roles can be assigned to users and to how many users. For more information, please refer to About BiZZdesign license seats and their availability.

Group manage permissions

In addition to assigning roles, users can be granted group manage permissions to further delegate administrative tasks in the Team Server. The permissions can be granted to one or more members of a group. For more information, please refer to Granting users group manage permissions.