Defining a Profile Set for Standard Users

You are starting with Scheer PAS and you are not sure which permissions your users need? This page may be helpful to you.

First of all, you need to define which tasks your users should be able to perform.
During the creation of a user within Scheer PAS User Management you will then assign the necessary profiles to each user (refer to Defining the Portal Content for an overview on all available profiles).

The creation of a new user is explained in detail on page Adding a User in the Administration Guide.

The following standard setups are recommended:

Designer Developer (standard setup for development in Scheer PAS Designer)
- Additional Use Cases
App Execution User
Administrator

Designer Developer

The following table contains all standard profiles a user needs to develop services within Scheer PAS Designer:

Designer Access and Service Deployment

Use Case: Your user should be able to work within the Designer and deploy his services (which makes them executable).

Profile Name	Description	Related Documentation
pas_base	Grants access to the Scheer PAS Portal, the entry point of Scheer PAS. From this start page you can access all PAS components you are allowed to use.	Accessing the Scheer PAS Components
pas_user	Grants access to Scheer PAS Designer where you can model your processes and execute them.	Getting Started with Designer
xuml_container_admin	Grants limited access to the Scheer PAS Administration. Users with this profile are able to deploy their Designer services as container and can access the details of their own services within the administration.	Controlling Containerized xUML Services (Docker) Controlling Containerized xUML Services (Kubernetes)
integration_user	Grants access to the integration component (Bridge). If you want to deploy your services to the integration component, you must create an additional user in the Bridge (with the same user name as in the user management). We recommend using container deployment as the default deloyment target starting with PAS 23.1. For further information see: Designer Guide: Service Deployment Details Administration Guide: Controlling Containerized xUML Services (Docker) Controlling Containerized xUML Services (Kubernetes)	Integration User’s Guide Managing Users in a Scheer PAS Environment
personal_sandbox	Each developer should get his own personal profile with namespace where he can develop on is own. Keep the personal sandbox private. For projects where several developers should collaborate, create shared profiles. Refer to Creating Shared Designer Namespaces for a step-by-step guide.	Managing Users Creating Shared Designer Namespaces

Additional API Management Access

Use Case: Your user should be able to expose the API of his Designer service to other users e.g. partners or customers.

Profile Name	Description	Related Documentation
api_management_user	Grants access to Scheer PAS API Management where you can manage the APIs of your exposed Designer services.	Getting Started with API Management
api_devportal_user	Grants access to Scheer PAS API Developer Portal where you can expose your APIs to your partners and customers. If you grant your developer user access to API Management, you should also assign him the profile for the API Developer Portal.	Developer Portal

Additional Process Mining Access

Use Case: Your user should be able to analyze process data.

Profile Name	Description	Related Documentation
analytics_user	Grants access to Scheer PAS Process Mining where your user can analyze process data to dig into problems and to find the possible cause(s).	Process Mining Guide
analytics_admin	In addition to users with profile analytics_user, an analytics_admin can also create and manage all templates in Process Mining.
_dashboard_access_processes	Is necessary to see xUML services.
_dashboard_access_transactions	Is necessary to see adapter calls of a BPMN process.

Additional File Manager Access

Use Case: Your user should be able to upload file resources that can be used in Designer services.

Profile Name	Description	Related Documentation
file_manager_user	Grants access to the Scheer PAS File Manager, the UI of the file storage where developers can manage file resources, e.g. CSS templates for usage in Designer applications.	Managing File Resources

Additional Log Analyzer Access

Use Case: Your user should be able to view the logs of his Designer services, e.g. to find the causes of errors.

Profile Name	Description	Related Documentation
kibana_user	Grants access to the Scheer PAS Log Analyzer, that enables your user to view, filter and search the platform logs for all services.	Analyzing Platform Logs

App Execution User

Use Case: You user should be able to execute an application that has been created with the Designer (very simple profile setup).

Profile Name	Description	Related Documentation
pas_base	Grants access to the Scheer PAS Portal, the entry point of Scheer PAS. From this start page you can access all PAS components you are allowed to use.	Accessing the Scheer PAS Components
your_sandbox	Assign the user the profile in which the application that he should be able to execute is stored. If the user should access a role-based application, assign him also the necessary role.	Running Designer Applications Running Role-based Applications Editing a User Managing Roles

Administrator

You should define at least one administrator who can manage users and services.

Access to Scheer PAS Portal

To be able to perform administration tasks, an admin needs access to the PAS portal in general.

Profile Name	Description	Related Documentation
pas_base	Grants access to the Scheer PAS Portal, the entry point of Scheer PAS. From this start page you can access all PAS components you are allowed to use.	Accessing the Scheer PAS Components

User Admin

Use Case: Your user should be able to create and manage users, profiles and roles.

Profile Name	Description	Related Documentation
user_management_admin	Grants access to Scheer PAS User Management. A user with this profile can create and manage users, profiles and roles. He is also able to change the password of a user.	Managing Users

Service Admin

Use Case: Your user should be able to manage all services: Custom services as well as platform services.

Profile Name	Description	Related Documentation
administration_user	Grants full access to the Scheer PAS Administration. Users with this profile are able to manage all services in the administration: Both the services developed in Designer itself and the platform services.	Administrating the Platform Components

Log Analyzer Access

Use Case: Your user should be able to define his own search queries in the Log Analyzer.

Profile Name	Description	Related Documentation
kibana_user	Grants access to the Scheer PAS Log Analyzer, that enables your user to view, filter and search the platform logs for all services.	Analyzing Platform Logs

Process Mining Access

Use Case: Your user should be able to analyze process data.

Profile Name	Description	Related Documentation
analytics_user _dashboard_access_processes _dashboard_access_transactions	Grants access to Scheer PAS Process Mining where your user can analyze process data to dig into problems and to find the possible cause(s).	Process Mining Guide