Users and Roles
Manage OE users and permissions.
Last updated
Was this helpful?
OE
Manage OE users and permissions.
Last updated
Was this helpful?
To prepare the users to work with OE and Make, you need to configure their accounts and set the correct authorizations. The users have to be added to the tenant and assigned to proper user groups with sets of access rights for the roles they will perform.
To achieve this, open the Users and Groups dashboard, which allows you to manage the users’ data in general, both for Commerce Engine (CE) and for Orchestration Engine (OE). Using the dashboard, you can add, edit and delete users' data. You can also manage users by filtering or sorting by users’ first name, last name, e-mail address, department, or status.
The status types are:
Green - the user is active.
Grey - the user account is locked.
User - an employee using the Emporix Management Dashboard.
User Group - a group of users that share some common characteristics, like performing similar job. User group defines access controls for the users.
Role - a combination of predefined permissions that allow users to perform some actions on resources within the system. You can apply a role to a user group.
Permission - a mechanism for limiting what actions a user belonging to a role can perform on specific resources.
Access controls - a combination of roles and resources. For example, a user with a manage access control on product resources can view, create, delete, and edit product entities.
Resource or Entity - the object type within the Emporix Management Dashboard.
Action - the ability to perform an action on entities of specific type.
This diagram shows a high-level view of the relationships between users, groups, and roles:
To create a user of Management Dashboard:
In Management Dashboard, go to the Administration module -> Users and Roles.
Click Create New User and fill in all the fields. They're all mandatory.
Choose Save to add your new user to the users list. The user automatically receives an email invitation to join the tenant.
If you decide to stop adding the new user, you can use the Discard option. It clears all the fields and removes the data you’d entered.
It's also possible to add multiple users to your tenant at one time. You can do that through the Developer Portal using the CSV import users feature. For more information, see the Developer Portal documentation.
If the user already had an active account, or is an existing user of a different tenant, they are visible as an active user right away, without the provisioning status.
To allow your user to access the Management Dashboard, you need to set up the correct access controls. To do this, assign the users to the right user groups. Every user group can be assigned roles with associated permissions. When you assign a user to a group, you give them the permissions that the roles have.
The default groups for OE are:
OE Viewer
The users in the viewers group have read access only, they cannot modify anything.
OE read access
Member
OE Editor
The users in the editors group can edit OE digital processes and Make scenarios.
OE read and edit access
Make application developer integromat.app_developer
Make scenario editor integromat.scenario_edit
OE Manager
The users in the group can conduct the development tasks, such as creating applications in Make.
OE read, edit and manage access
Make application developer integromat.app_developer
Make scenario editor integromat.scenario_edit
OE Admin
The users in this group can conduct administration tasks such as adding users to the tenant or creating applications in Make.
OE read, edit, manage and admin access
Make owner
Make scenario editor integromat.scenario_edit
We recommend to use only the OE user groups that are provided by default. Still, it's possible to create custom user groups.
The groups are created in the Groups tab. You need to provide a group name with a description, plus set the relevant access controls.
In the Administration module, go to Users and Groups.
Go to the Groups tab and click the Create New Group.
In General section, provide the group's name and description.
For roles specific to OE, choose the Standard role and select Orchestration Engine from the drop-down menu. You can then select one of the predefined access rights - Viewer, Editor, Manager or Administrator.
Set up the group access rights in the Management Dashboard Settings section. For sole OE groups, choose OE in Access to define permissions for OE-specific resources:
Read access selected: a user is able to see entities of a specific type
Edit access selected: a user is able to see and edit entities of a specific type
Manage access selected: a user is able to see, edit, create, and delete entities of a specific type
Administrate access selected: a user is able to do all available actions on the entities of a specific type
none selected: a user is not able to see entities of a specific type
Use the checkboxes to define the access rights only for the particular types the group is supposed to have access to. If a group is not supposed to manage or even see a particular entity in the Management Dashboard, don't select any permission.
You can see that the access controls are correlated and selecting one of the available access controls for a specific entity automatically selects the same access control for another one. This behavior ensures that users get the same access to the related resources. To disable existing access rights for an entity, uncheck the checkbox.
Confirm with Save.
When creating a new group, or editing an existing one, you can add the group’s users right away in the Members tab.
To see the permissions assigned to a specific group, open a particular group in Administration -> Users and Groups and check the Management Dashboard Settings.
Check the diagram below to see the details of the relationship between user groups, roles, access controls and permissions in OE:
Prerequisites:
The user must be a part of one or more OE user groups.
The user must have at least one of the following roles assigned within the OE user group: integromat.scenario_edit or integromat.app_developer.
To start with the synchronization:
Choose the users that you want to have access to Make and assign them to the right groups as defined in the prerequisites section. The system automatically scans all OE users' permissions and identifies those users who have the integromat.scenario_edit or integromat.app_developer roles.
Add the selected users to your Make organization (tenant). Once the eligible users are identified, the system automatically adds them to the list of authorized users of their corresponding Make organization as member users.
When you add a user to your Make organization, they receive an email notification with instructions how to access and set up their accounts.
When any changes are made to the groups a OE user belongs to, the synchronization process is triggered to ensure that the user's access to the Make organization is up-to-date. Users receive a new email invitation whenever their group membership is altered.
If a user's group membership is modified and the user no longer has one of the two specified roles assigned (Integromat Scenario Editor or Integromat App Developer), the user still retains access to the Make organization. In this case, an administrator should manually remove the user's entry from the Make organization to maintain a consistent and secure environment.
To learn more about the way how identity and access management work in Emporix, see Identity and access management (IAM) and API documentation.
