Users and Groups

User accounts are configured in EnterWorks, then the users are assigned to user groups. To efficiently manage system security, EnterWorks recommends it is managed at the group level, therefore groups should be defined according to user roles, such as Administrator, Product Manager, Publication Manager, or Syndication Manager. During configuration, groups are analyzed and designed to align with an organization’s specific business processes and operational requirements.

EnterWorks group security defines which functional areas of the application a user is allowed to view, functions they can perform, and what level of access a user has to objects within EnterWorks (such as code sets, users, groups, and repositories). Each type of object can be configured as to which groups can create an object of that type, and for existing objects of that type, who can read, edit or delete them. For details on the assignment of user and group permissions, see Security.

The Impersonate User capability allows a user with proper credentials to impersonate another role to carry out EnterWorks tasks using the roles’ security credentials. The actions of the impersonator are logged and auditable.

Example Use Case: The security database could have multiple roles, one of which is a Manufacturer role whose members can load and view data in EnterWorks. A user with the proper level of security may impersonate a Manufacturer, in which case they would only have the permissions of a Manufacturer and any action they take would be logged as having been performed by a member of the Manufacturer group.

The user’s account must be configured to allow them to impersonate another user. This is typically performed by a system administrator.

Note that the impersonator must have read access for the users they impersonate. Also, for security reasons, users who belong to an Administrator group are prevented from being able to impersonate a System Administrator.