Defining a Profile Set for Standard Users
You are starting with Scheer PAS and you are not sure which permissions your users need? This page may be helpful to you.
First of all, you need to define which tasks your users should be able to perform.
During the creation of a user within Scheer PAS User Management you will then assign the necessary profiles to each user (refer to Defining the Portal Content for an overview on all available profiles).
The creation of a new user is explained in detail on page Adding a User in the Administration Guide.
The following standard setups are recommended:
Designer Developer (standard setup for development in Scheer PAS Designer)
Designer Developer
The following table contains all standard profiles a user needs to develop services within Scheer PAS Designer:
Use Case | Profile Name | Description | Related Documentation |
|---|---|---|---|
Your user should be able to work within the Designer and deploy his services (which makes them executable). | pas_base | Grants access to the Scheer PAS Portal, the entry point of Scheer PAS. From this start page you can access all PAS components you are allowed to use. | |
pas_user | Grants access to Scheer PAS Designer where you can model your processes and execute them. | ||
xuml_container_admin | Grants limited access to the Scheer PAS Administration. Users with this profile are able to deploy their Designer services as container and can access the details of their own services within the administration. | ||
integration_user | Grants access to the integration component (Bridge). If you want to deploy your services to the integration component, you must create an additional user in the Bridge (with the same user name as in the user management). We recommend using container deployment as the default deloyment target starting with PAS 23.1. For further information see: | ||
personal_sandbox | Each developer should get his own personal profile with namespace where he can develop on is own. Keep the personal sandbox private. For projects where several developers should collaborate, create shared profiles. |
Additional Use Cases
There may be other use cases where you need to grant your developer access to more Scheer PAS components, e.g.
Use Case | Profile Name | Description | Related Documentation |
|---|---|---|---|
Your user should be able to expose the API of his Designer service to other users e.g. partners or customers. | api_management_user | Grants access to Scheer PAS API Management where you can manage the APIs of your exposed Designer services. | |
api_devportal_user | Grants access to Scheer PAS API Developer Portal where you can expose your APIs to your partners and customers. If you grant your developer user access to API Management, you should also assign him the profile for the API Developer Portal. | ||
Your user should be able to analyze process data. | analytics_user | Grants access to Scheer PAS Process Mining where your user can analyze process data to dig into problems and to find the possible cause(s). | |
analytics_admin | In addition to users with profile analytics_user, an analytics_admin can also create and manage all templates in Process Mining. | ||
_dashboard_access_processes | Is necessary to see xUML services. | ||
_dashboard_access_transactions | Is necessary to see adapter calls of a BPMN process. | ||
Your user should be able to upload file resources that can be used in Designer services. | file_manager_user | Grants access to the Scheer PAS File Manager, the UI of the file storage where developers can manage file resources, e.g. CSS templates for usage in Designer applications. | |
Your user should be able to view the logs of his Designer services, e.g. to find the causes of errors. | kibana_user | Grants access to the Scheer PAS Log Analyzer, that enables your user to view, filter and search the platform logs for all services. |
App Execution User
If you just want your users to be able to execute a finished Designer application, they only need a very simple profile setup:
Use Case | Profile Name | Description | Related Documentation |
|---|---|---|---|
You user should be able to execute an application that has been created with the Designer. | pas_base | Grants access to the Scheer PAS Portal, the entry point of Scheer PAS. From this start page you can access all PAS components you are allowed to use. | |
your_sandbox | Assign the user the profile in which the application that he should be able to execute is stored. If the user should access a role-based application, assign him also the necessary role. |
Administrator
You should define at least one administrator who can manage users and services.
Use Case | Profile Name | Description | Related Documentation |
|---|---|---|---|
Your user should be able to access the Scheer PAS Portal. | pas_base | Grants access to the Scheer PAS Portal, the entry point of Scheer PAS. From this start page you can access all PAS components you are allowed to use. | |
You user should be able to create and manage users, profiles and roles. | user_management_admin | Grants access to Scheer PAS User Management. A user with this profile can create and manage users, profiles and roles. He is also able to change the password of a user. | |
Your user should be able to manage all services: Custom services as well as platform services. | administration_user | Grants full access to the Scheer PAS Administration. Users with this profile are able to manage all services in the administration: Both the services developed in Designer itself and the platform services. | |
Your user should be able to definde his own search queries in the Log Analyzer. | kibana_user | Grants access to the Scheer PAS Log Analyzer, that enables your user to view, filter and search the platform logs for all services. | |
Your user should be able to analyze process data. | analytics_user | Grants access to Scheer PAS Process Mining where your user can analyze process data to dig into problems and to find the possible cause(s). |