Several modes of access control can be used for each repository on the server:
|
When switching between different access control modes, the server must be restarted. Otherwise, the configuration update will not be taken into account. |
In Team for Capella, when using the User Profiles feature, user names and access rights are stored in the repository (i.e. in the database). Note, that, when passwords are stored in the user profiles model (when LDAP is not used), they are not encrypted. That’s why the user names management part of this feature must be considered as a simple identification feature.
|
If the server has been started with user profile, the Importer needs to have write access to the whole repository (including the user profiles model). See Resource permission pattern examples section. If this recommendation is not followed, the Importer might not be able to correctly prepare the model (proxies and dangling references cleaning, ...). This may lead to a failed import. |
You can connect to the user profiles model of a repository thanks to the dedicated wizard:
|
The accounts created by default in the user profiles model are those defined in the administrators file. Refer to Server Configuration/User Profile Configuration |
To be able to change the user profiles model, the Administrator account should be used.
Here the default user profiles model with its table opened:
By default, the userprofile resource is hidden. To make it appear under the userprofile project, the EMF Resources filter must be deactivated via the Customize View... dialog.
When the server is configured with the User Profiles functionality, the following roles are automatically created:
These defaults roles are required :
Note that as user created as administrators (in the administrator properties file as presented in the previous part) have full access and do not need to be assigned to any role. Trying to assign roles to administrators will be prevented and a dialog will appear explaining that the administrators already have full access.
To add a user:
And complete login information
Use the dedicated tool to add a role:
A name can be given to the created role using the Properties view (attribute ID).
Once the new role is created, right click on it to add resource permission.
Complete the textbox with path of authorized resource
|
|
Finally, associate users to a role in the Properties View of the role:
|
|
Inaccessible elements for a user have a gray padlock.
Since only resource permissions are currently available, to define fine grain permissions on a model, it has to be cut into several fragments.
Here is an example project:
Write access to the whole repository (including the user profiles model) |
.* or /.* |
Write access to the whole TestModel project |
/TestModel/.* |
Write access to OA fragments of TestModel |
/TestModel/fragments/OA.* or /TestModel/.*OA.* |
Write access to OA and SA fragments of TestModel |
/TestModel/fragments/(OA|SA).* or /TestModel/.*(OA|SA).* |
Write access to the semantic part of TestModel |
/TestModel/.*(melodymodeller|melodyfragment) |
Write access to the representation part of TestModel (diagrams and tables) |
/TestModel/.*(aird|airdfragment|srm) |
Write access to TestModel but not its fragments |
/TestModel/.*(aird|melodymodeller|srm) or /TestModel/[^/]* |
|
When dealing with aird and airfragment files do not forget to give the
same
rights to srm files (files used to store the representations data when the lazy loading is enabled, the lazy loading is enabled by default).
|
At startup, there is only one superuser: Administrator.
A basic user can be promoted to super user. To do that:
You have the possibility to import a user profiles model; this is the same mechanism as for a Capella project.
First, you need to create a general project which will contain the imported User Profile model.
Import User Profiles model:
Enter a local URI starting with platform:/resource/
Example: platform:/resource/LocalUserProfilesProject/users.userprofile
To export, we can create a general project (or reuse the general project created earlier) and put a User Profile model into it, then right click on the User Profile model and choose Export:
|
How to reuse the user profiles model It is recommended that you backup your user profiles model (Refer to Server Administration/Team for Capella Scheduler/Import user profiles model).
|
User login/password can be modified via the Update User Information contextual menu. This contextual menu can be accessed by right-clicking on the column corresponding to the user being modified. Note that this action is done only by right-clicking on one of the cells of the column, clicking elsewhere (e.g. on the column title) should be avoided.
Once the User Update dialog appears, we can modify either user login or password.
Notes:
If the administrator password has been forgotten, it will no more be possible to change the user profiles model or export a model to the server.
To give a new password to the Administrator account:
Please notice the following known issues:
|
Re-connection to a user profiles model raises error |