Security in Flow can be enabled on two levels.
- Security to restrict functions in the Configuration environment
- Security to secure the Information Model (Reports and Dashboards).
These permissions are controlled using user groups. The user currently logged into the Configuration environment and its security mode is indicated in the bottom right of the Configuration Tool
Currently, only two security model apply to the configuration environment:
- Administrator – Indicated by the shield icon next to the user details
- Everyone – user not linked to the Administrator group falls into this category.
The following table describes the restrictions applied to a non-administrator user.
Item |
Administrator |
Non-Admin |
System Menu |
|
|
Modules |
||
Properties |
||
Database Backup |
||
Connect |
||
Deployment View |
|
|
Deploy / Undeploy Platform |
||
Deploy / Undeploy Data Engine |
||
Deploy / Undeploy Flow Server |
||
Deploy / Undeploy Message Engine |
||
Deploy / Undeploy Integration Engine |
||
Edit Flow Server Properties |
||
Users |
|
|
Rename / Delete / Create Groups |
||
Rename / Delete / Create Users |
||
Toolbox Items |
|
|
Rename / Delete Items |
||
Calendar Purge Now Function |
||
Templates |
|
|
Creation of Templates |
Users and Groups
On the Model View, select the “Users” tab. This view allows you to add users and groups to your Flow System.
By default, two groups will be created in the Users section, Administrators and Everyone. These groups cannot be deleted nor renamed. By default, all new users belong the “Everyone” group. Any users who sign in to the Flow Report Server will
be added to the “Everyone” group.
Add a User
Flow makes use of your Active Directory users for permissions. To add a new user, right-click on a group and select “New User”, “Windows User”. Use the “Select Users” dialog box to find one or more users registered on your domain to add to your Flow System.
Flow makes use of “Message Recipient” users for the Flow Messaging System. These users are not used for permissions on Reports and Forms.
Add a Group
To add a new group, right-click and select “New Group”. Edit the name of the group.
Link Users to Groups
Users can be linked to groups by dragging them from the “Everyone” group onto the destination group. Alternatively, right-click on the destination group and select “New User”. Users can belong to more than one group.
Assigning Groups to Folders
Once you have created groups and assigned users to them, these groups can be assigned to Folders in the “Information” view. Double-click on a folder in the “Reports” tab to open its editor:
By default, every folder has “Allow” access assigned to the “Everyone” group. Assign “Allow” access to other groups by dragging them into the “Allow” section of the folder editor. Note that as soon as a group other than “Everyone” is added to the folder, the “Everyone” group is removed:
When groups are assigned to folders, the reports and dashboards belonging to those folders will only be accessible to users that belong to the assigned groups.
Folder Permission Inheritance
Folders inherit “Allow” access groups from their parent folders in the “Information” view. A child folder can be assigned additional groups that do not belong to their parent folders (e.g. Utilities is a child folder to the Engineering folder):