The Concepts of User Management
The user management consists of four primary elements:
Every person that should be able to access a Scheer PAS installation needs a user. Within a user all necessary elements are saved to enable a person to work with the different components of Scheer PAS.
Users need profiles to be able to access the different platform components such as Designer, Administration, API Management etc. You cannot save a user datasheet if there isn’t at least one profile assigned to that user. A profile contains a set of permissions.
Permissions are the smallest elements in the user administration. They grant access to a defined sector of the platform, e.g. to the URL of the Portal, file storage or specific applications. Permissions are assigned to profiles.
All permissions that are necessary to access the different PAS components are delivered with your PAS installation. In principle, you don’t need to create any new permission yourself. However, if you want to allow only certain users to access a specific deployed app, you are free to create a path-based permission to its URL.
In contrast to these three elements, that must be seen in the context of the whole platform, roles are designed for usage within processes: You can use roles in your BPMN models in the Designer to design approval workflows.
Profiles vs Roles
Profiles and roles - both elements are managed within user management, but they are different concepts.
The user management is delivered with lots of standard profiles, because you need profiles to access the different components of the platform.
Characteristics of Profiles
Profiles are a set of permissions that manage the access authorizations to the individual PAS components.
At least one standard profile must be assigned to each user.
A profile can optionally have a “namespace” property. This is essentially a name (technically speaking a “key”) which is used for data separation, e.g. in databases or for technical permission checks.
The user management distinguishes between:
Profiles WITHOUT namespace are used exclusively to manage required access rights for the different platform components such as Designer, Process Mining, API Management…
Profiles WITH namespace allow users to save content. If users should be allowed to create new content in one of the platform components, they need a dedicated namespace to save their work in. In addition to your dedicated namespace, you may have shared namespaces to collaborate with other users.
The namespaces displayed in the Designer are technically profiles with namespaces:
“Sandboxes” are profiles with namespaces, too.
If you choose option Create Sandbox during user creation, a profile is created. The notation for automatically created sandboxes follows the scheme: sandbox_Login.
No standard roles are supplied with the initial user administration, as you define the roles you need in your processes yourself.
Characteristics of Roles
Roles grant access to process steps.
Roles are used in BPMN models in the Designer and in EPC models in BPaaS to design approval workflows.
In Designer processes, roles are assigned to lane elements (refer to Lane in the Designer Guide for more details).
Roles can be created in the user management and in the Designer / in BPaaS.
Roles are assigned to users via the user data sheet in user management.
For more detailed information on how to work with profiles refer to:
For more detailed information on how to work with roles refer to:
Modeling Roles in the Designer Guide
You are starting with Scheer PAS and you want to define some user standards? Page Defining a Profile Set for Standard Users may be helpful to you.
You are starting to model an approval process in the Designer?
Page Role-based Authorization Concept in the Designer Guide may be helpful to you.