Sharing and access rights

Access rights model

This section explains how the access rights model in Apromore works.

Types of access rights

The Apromore portal allows users to navigate through a hierarchical file system consisting of folders and two types of files: event logs and process models. Every file (event log or model) is located in a folder. A folder may contain one or more sub-folders and files. The top folder is called Home. Every user has a Home folder.

The ability for a user to perform operations on a file (e.g., to create or edit a process model) is determined by the Access Control List (ACL) of the file and the enclosing folder. An ACL indicates which users or groups have been granted access rights over a folder or file.

The types of access rights that may be granted to a user or a group are:

  • Owner: An owner of a folder can add subfolders or files to the folder or delete subfolders or files. An owner of a folder or file can rename the file/folder and modify the ACL of the folder or file. An owner of a file can view, and edit the file (i.e., edit a process model, create or edit dashboards, filters, or KPIs within a log).

  • Editor: An editor of a file can edit the file (edit a process model, create or edit dashboards or filters within a log). An editor of a folder can open the folder and can only see the subfolders and files for which they have been granted owner, editor or viewer access rights.

  • Viewer: A viewer of a file can open the process model or open the log and use the dashboards, filters, and KPIs attached to the log, but they cannot edit the file (e.g., add or modify dashboards). The viewer of a folder can open the folder and can only see the subfolders and files for which they have been granted owner, editor or viewer access rights.

  • A user (or group) can also be a Restricted Viewer of an event log. A Restricted Viewer has the same privileges as a Viewer, except that a restricted viewer may only be able to use a subset of the dashboards associated with the log (not necessarily all), as determined by an Owner.

Note

A user with Superuser rights may modify the access control list of any folder of file in the tenancy by using the “Manage Access Rights” console in the Portal.

Hierarchical ownership principle

Every owner of a folder F is also owner of all the items directly or transitively contained inside folder F. If a user or group is owner of a folder F, they are also owners of:

  • Every subfolder of F and every transitive subfolder of F.

  • Every file contained in F and every file contained in any direct or transitive subfolder of F.

This principle ensures that if a user or group is owner of a folder they can:

  • View and open any subfolder or file under this folder (directly or transitively).

  • Rename or edit any subfolder or file under this folder (directly or transitively).

  • Alter the access rights of any folder or file under this folder (directly or transitively).

In other words, an owner of a folder has full visibility and control over the contents of this folder.

To enforce the Hierarchical Ownership principle, Apromore enforces the following behaviors:

  • When a user or a group is granted Ownership of a folder F, this user or group is automatically granted Ownership of all the files or folders contained in F (directly or transitively).

  • When a subfolder or file is added to folder F, the access rights of F are propagated to this new file or folder. The owner of folder F can then adjust these access rights as they see fit.

  • When a subfolder or file is moved into folder F, the access rights of F are propagated to this new filer or folder. The owner of folder F can then adjust these access rights as they see fit. The previous access rights of the moved folder are overridden, since the file or folder is now located under a different ownership domain, with different access control lists.

Note

A user may only copy a file or folder into a new folder F if they are an Owner of folder F. In the case of a Move operation, the user must also be an Owner of the source folder.

With Reference to the figure below, if a user is granted Owner access rights on Subfolder 1, they are automatically also granted access rights on Subfolder 3, Subfolder 4, File 1, File 2, File 3, File 4, and File 5.

Sharin048

Right of traversal principle

If a user or group has access to a file or folder, be it as an Owner, Editor or Viewer, this user or group expects to be able to traverse the file hierarchy in order to access this file or folder.

Accordingly, when a user or group is added to the access control list of a folder or file located under a folder F, Apromore checks if this user is able to access folder F. If the user is not able to access folder F, Apromore will automatically grant Viewer  rights  to folder F, and if required to the parent folder of folder F, and so on, as required so that the user or group can access folder F in order to be able to see and use the file or folder to which they were granted access.

With Reference to Figure 1, if User1 is granted Editor access rights on File 1, then User1 is automatically granted Viewer access rights on Subfolder 3 and Subfolder 1 (unless User1 was already in the access control list of Subfolder 3 or Subfolder 1).

Note

Once a user is granted Viewer access rights to a hierarchy of folder, as a consequence of the Right of Traversal policy, any subsequent file or folder added to such folders will be visible to that user.

Co-ownership and “at least one owner” principle

An owner of a file or folder F may grant Owner right over F to other users or groups, while retaining their Owner right over F. In this way, a file or folder may have multiple co-owners.

An owner of a file or folder F may also revoke the access rights of other owners of F, or they may downgrade the access rights of another user from Owner to Editor or Viewer.

An owner of a file or folder F may revoke their own Owner right over F (or downgrade it). However, Apromore enforces the principle that every file and folder must have at least one owner at all times.

When a user is deleted by a superuser, the superuser is given the option between either deleting or transferring ownership of all files and folders of the deleted user, in such a way that no files or folders remain ownerless.

Properties of the home folder

The Home folder is different for every user. When a new user account is created, their Home folder is empty, unless the user is a member of a group and this group is in the access control list of a file or folder located in the Home folder.

When a user creates a folder or creates or uploads a file in their Home folder, they become the sole Owner of this file or folder. They can then share this file or folder with other users or groups.

When a user copies a file or folder into their Home folder, they become the sole Owner of this file or folder. The user may then grant access rights to other users or groups as they see fit.

Share an event log

To share an event log, select the log from the workspace and click on the share icon.

Sharin003

Alternatively, we can select the log, right-click and click Share.

Sharin004

File Sharing window pops up. This window consists of two sections: Name and Associated artifacts.

Sharin005

The Name section contains the name of user or group the event log will be shared with. The Associated artifacts contains the artifacts e.g. filters or dashboard that will be shared with the event log.

Note

To share all the artifacts associated with a log, set the Viewer (full) permission to the user. To share only specific artifacts associated with a log, set the Viewer (restricted) permission to the user, and tick the artifacts to be shared.

Search for the user or group we wish to share to. Click Share.

Sharin006

The selected user or group appears in the Name section.

Sharin007

We can see the list of associated artifacts automatically shared with a user in the Associated Artifacts section.

Sharin008

Note

Only an owner or editor can edit/rename/delete the associated artifacts. If a user is assigned viewer permissions to access a particular log/model, they will only see it in view-mode. Functions such as export, save/save as, share will be disabled.

To change the access rights for a particular user, click on the Permission drop-down list and select the desired permissions.

Sharin009

Click Apply to share the file.

Sharin010

The log will appear in the shared user’s workspace with the selected permission.

To revoke access for a particular user, click the Sharin011 button.

Sharin012

The user will no longer appear in the Name section. Click Apply to save the changes.

Sharin013

Share a process model

To share a process model, select it from the workspace and click on the Sharin014 button.

Sharin015

Enter the user or group with whom we want to share the model using the Select a user or group search box. Click Share.

Sharin016

The selected user or group appears in the Name section.

Sharin017

To change the access rights for a particular user, click on the Permission drop-down and select the desired permissions.

Sharin018

Click Apply.

Sharin019

The model appears in the shared user workspace.

To revoke access for a particular user, click the Sharin020 button.

Sharin021

Click Apply to save the changes.

Sharin022

Share a folder

To share a folder, select the folder from the workspace and click on the Sharin014 button.

Sharin023

Alternatively, we can right-click a folder and click Share.

Sharin024

Enter a user or group with whom we want to share the folder using the Select a user or group search box. Click Share.

Sharin025

The selected user or group appears in the Name section.

Sharin026

To change the access rights for a particular user, click on the Permission drop-down and select the desired permissions.

Sharin027

Finally, click Apply.

Sharin028

To revoke access for a particular user, click the Sharin029 button.

Sharin030

Click Apply to save the changes.

Sharin031

Manage access rights

Access rights management functionality provides the administrators with a comprehensive view of all the files and folders along with the users and their access rights. The administrator can easily browse through the permissions of the files/folders and make changes.

Note

Only a user with Administrator or Superuser rights can access the Access rights management functionality.

To manage access right, click Settings in the bottom left corner.

Sharin032

Click Manage access rights.

Sharin033

The Access rights management window opens. It contains two tabs: Files and Users.

Sharin034

To share a file with another user or group, select the file/folder to be shared in the Files tab. Enter the user or group you intend to share the file/folder with in the Select a user or group search box.

Click Share to share the file/folder.

Sharin035

The user now appears in the Name section.

Sharin036

To change the access rights for a particular user, click on the Permission drop-down and select the desired permissions.

Sharin037

Click Apply.

Sharin038

The file will appear in the shared user’s workspace with the selected permission. To revoke access for a particular user, select the user and click the Sharin039 button.

Sharin040

Click Apply to save the changes.

Sharin041

As admin and superusers, we can also manage the access rights of the folders and files in our tenancy. To manage access rights, open the Access rights management window (this requires administration privileges). Go to the Users tab. This displays a list of users and groups in the tenancy.

Sharin042

When we click on a user, Apromore displays the files or folders the user has access to, the date of creation, and the permission the user holds.

Sharin043

As an admin or superuser, we can change the permission. Click the Permission dropdown to select another permission. Let us say we want the user to edit the procure to pay folder. Select Editor from the Permission drop down.

Sharin044

Click Apply to save this change.

Sharin045

The user can now edit the log from their Apromore Workspace. In addition, as an admin/superuser, we can revoke a user’s access to a file or folder. Click the bin button.

Sharin046

Click Apply.

Sharin047

This revokes the user’s access to the file/folder, and they will no longer appear in the user’s workspace.

Note

A file/folder must have at least one owner. When we attempt to revoke access from a user who is the sole owner of the file/folder, an error message is displayed indicating that we cannot remove the only owner of a file/folder.