Configure users and groups

Workflow Manager のライセンスで利用可能。

Users are key to controlling what functionality is available and how things are carried out by each user as an individual. Users are registered with ArcGIS Workflow Manager (Classic) and associated with a specific Windows login so they can be authenticated automatically. They are used for the following:

  • Allowing/Denying access to the application
  • Retrieving database connection information
  • Controlling access to specific application functionality
  • User-stamping history
  • Assigning work to individuals

You can associate multiple groups with each user. This allows you to associate privileges (that are assigned to groups) with users by combining groups. The following diagram shows how the model allows users to be associated with different sets of privileges by associating them with groups:

Relationship of user groups, users, and privileges

Users and privileges are linked together through user groups in Workflow Manager (Classic)

Learn more about privileges

User store

The Workflow Manager (Classic) system authenticates who can access the system through their user name. Workflow Manager (Classic) supports two types of user stores for user and groups—Traditional and Portal.

In the Traditional user store, users and groups are defined in ArcGIS Workflow Manager (Classic) Administrator and the Windows account user name is used for the Workflow Manager user name. User and group roles can also be imported from Active Directory when using the Traditional user store.

In the portal user store, users belong to a Portal for ArcGIS or ArcGIS Online organization, and a user's user name is as defined in the portal. Users are managed in the portal, user profiles cannot be edited, and users cannot be added or imported from the Active Directory in the Workflow Manager (Classic) Administrator. Users are assigned to groups in Workflow Manager (Classic) Administrator and inherit privileges based on the Workflow Manager (Classic) groups. When the user store is set to Portal user store and a query or report using the JTX_USERS table is run, any existing users defined for the Traditional user store are cleared from the database. If the user store is switched from portal user store to Traditional user store, the users must be created manually or imported from Active Directory. If the users are updated in Portal for ArcGIS, you need to reconnect to the database and run a query or report to refresh the user information in the database.

Manage users

When the traditional user store is used, users can be added and their user profiles can be edited from Workflow Manager (Classic) Administrator. When the portal user store is used, user profiles cannot be edited; however, a user can be added to groups on the User Properties dialog box.

  1. Start Workflow Manager (Classic) Administrator and connect to your Workflow Manager (Classic) database.
  2. Expand Security > Users.

    The Users list shows all the currently configured users. If no users are configured, the list is blank.

  3. To add or edit a user, perform one of the following:

    Add a user

    Right-click Users and click Add User.

    Edit a user profile

    Right-click a user name and click Edit Item.

    The User Properties dialog box appears.

  4. Provide the required information (denoted with an asterisk [*]) and any additional information.
    注意:

    The characters * and | cannot be part of the user name.

  5. Click the Groups tab.
  6. Click Add.
  7. Choose the groups you want to add to the user profile.
    ヒント:

    Hold the Shift key as you click to select multiple groups.

    Adding users to the Administrator group grants them the AdministratorAccess privilege. This privilege adds a level of protection to your database, ensuring that only users with this privilege can access the database from Workflow Manager (Classic) Administrator. All your Workflow Manager (Classic) users can still access the repository manage and execute their jobs.

    注意:

    This only applies to one repository; therefore, this setting may vary across your numerous repositories.

  8. Click OK to assign the groups to the user.
  9. Click OK again to close the User Properties dialog box and save your changes.

Manage groups

User groups are used to categorize users for many reasons—specifically to assign privileges or roles, but also to classify users for the purposes of assigning work. You might want to assign a current job to a group instead of an individual, so it can be carried out by anybody in that group. For example, a quality assurance (QA) step should be executed by the quality control (QC) group. The path connecting a previous step with a quality assurance step can be assigned ahead of time. Once that path is reached, the job is assigned to the QA/QC group and users within this group can assign the step to themselves and complete the task.

When a new Workflow Manager (Classic) database is created using the Create Workflow Database tool, an Administrator group is created with the AdministratorAccess privilege. A Workflow Manager (Classic) user is created with the Windows user name of the user running the tool and is added to the Administrator group. In an existing Workflow Manager (Classic) database being upgraded, the tool checks whether an Administrator group with the AdministratorAccess privilege exists; if it does not, the tool creates the group and adds the user to the group. If the group already exists, the AdministratorAccess privilege is added to it along with the user.

You can manage groups by adding or editing the properties of existing groups within your Workflow Manager (Classic) system.

  1. Start Workflow Manager (Classic) Administrator and connect to your Workflow Manager (Classic) database.
  2. Expand Security > Groups.

    The User Groups list shows all the currently configured groups. If no groups are configured, the list is blank.

  3. To add or edit a group, perform one of the following:

    Add a group to the store

    Right-click Groups and click Add Group.

    Edit an existing group

    Right-click a group and click Edit Item.

    The Group Properties dialog box appears.

  4. Provide the required information (denoted with an asterisk [*]) and any additional information.
  5. Click the Users tab.
  6. Click Add.

    The Choose User dialog box appears.

  7. Choose the users you want to add to the group.
    ヒント:

    Hold the Shift key as you click to select multiple users.

  8. Click OK.
  9. Click the Privileges tab.
  10. Click Add.
  11. Choose the privileges you want to add to the group.
    ヒント:

    Hold the Shift key as you click to select multiple privileges.

  12. Click OK.
  13. Click OK again to save your changes to the group.

Import users and groups from Active Directory

Import users and groups from the active directory to synchronize users within the Workflow Manager (Classic) system and your organization. For example, if a new employee is added to your domain or an existing employee leaves, you can run the Import Active Directory Configuration tool to update the list of users that can access the Workflow Manager (Classic) application.

Importing users and groups from the active directory creates any new users and groups that do not currently exist, updates the attributes (such as Name, Phone Number, Description) of any items that do exist, and removes any item that no longer exists in the active directory. Additionally, group memberships for each user are maintained. If your system is set up to authenticate against domains, it only removes users that existed in the current domain. In addition, groups are not removed when authenticating against domains. Users and groups can be imported from multiple domains when the system setting to Authenticate Users using Domain is enabled as the users and groups are updated for that specific domain.

The groups and users should already exist in your domain’s active directory. In this scenario, WMXUsers and WMXGroups are all active directory groups. Andy, Charlotte, and Jason are all active directory users. In the active directory, membership is configured as shown in the diagram (Technicians is a member of the WMXGroups, Andy is a member of the WMXUsers and Technicians groups, and so forth). When importing into Workflow Manager (Classic), the user enters WMXUsers and WMXGroups into the two text boxes on the dialog box. After the import completes, Technicians and Managers are created as Workflow Manager (Classic) groups, and Andy, Charlotte, and Jason are created as Workflow Manager (Classic) users. The Workflow Manager (Classic) group membership is created based on the active directory group membership; therefore, in this case, the Andy and Jason Workflow Manager (Classic) users belong to the Technicians Workflow Manager (Classic) group, and Charlotte belongs to the Managers Workflow Manager (Classic) group.

Active directory users and groups structure for Workflow Manager (Classic)

  1. Start Workflow Manager (Classic) Administrator and connect to your Workflow Manager (Classic) database.
  2. Click Import/Export > Import Active Directory Configuration.

    The Import Users/Groups dialog box appears.

  3. Provide the required information.
    1. Specify the domain to import from.
    2. Specify a user name and password if the current user is not on the domain.
    3. Specify the active directory user group and group you want to import.

      These must already exist on your domain.

  4. Click Import.

    A message with a summary of the imported users and groups appears.

  5. Expand Security > Users to verify that the user was imported.