Skip to main content
Version: 20.0

Impact of Restricting Access to Metamodel Elements

Based on examples, this chapter illustrates how changing metamodel rights affects working with ADOIT.

note

For information on how to change metamodel rights, please refer to the section View or Change Metamodel Rights.

Scenario 1: Creating Models/Objects

Creating models/objects requires permissions to create models/objects of this type and write permissions to the Name attribute.

Example

Edit the basic metamodel rights of the system role "Participant" to the model type Cross-Domain Model:

  • Set the permissions to the Name attribute to Read.

    Now users with the system role "Participant" cannot create Cross-Domain Models.

    You can achieve the same result by editing the detailed metamodel rights of the system role to the model type and setting "Create models" to denied.

Scenario 2: Editing Models/Objects

Editing models/objects requires permissions to edit models/objects of this type.

Example

Edit the detailed metamodel rights of the system role "Participant" to the class Service:

  • Set "Edit objects" to denied.

    Now users with the system role "Participant" cannot edit or rename Services.

Scenario 3: Adding Objects to a Model

Creating objects in a model requires permissions to create objects of this type.

Example

Edit the detailed metamodel rights of the system role "Participant" to the class Risk:

  • Set "Create objects" to denied.

    Now users with the system role "Participant" cannot create new Risks. They can still re-use Risks from the Object Catalogue in models.

Scenario 4: Saving a Copy of a Model

Saving a copy of a model requires permissions to create all the modelling object and relation types which the model contains.

Example

Edit the detailed metamodel rights of the system role "Participant" to the class Note:

  • Set "Create objects" to denied.

    Now users with the system role "Participant" cannot create new Notes. They cannot save a copy of a model that contains a Note.

Scenario 5: Deleting Objects

Deleting objects requires permissions to delete objects of this type.

Example

Edit the detailed metamodel rights of the system role "Participant" to the class Note:

  • Set "Delete objects" to denied.

    Now users with the system role "Participant" cannot delete Notes. They cannot delete a model that contains a Note.

Scenario 6: Opening a Model that Contains Unavailable Objects

Accessing an object in a model requires permissions to read objects of this type:

Example

Edit the basic metamodel rights of the system role "Participant" to the class Risk:

  • Set the permissions to No access.

    Now Risks are not available for users with the system role "Participant". When they open a model that contains a Risk, the Risk is invisible for them.

Scenario 7: Deleting a Model

Deleting a model requires permissions to delete models of this type.

Example

Edit the detailed metamodel rights of the system role "Participant" to the model type Cross-Domain Models:

  • Set "Delete models" to denied.

    Now users with the system role "Participant" cannot delete Cross-Domain Models.

Overview of Permissions to Individual Functions

What permissions are required for the different tasks that can be performed in ADOIT?

Dashboards (ADOIT Scenarios)
  • Widgets are empty if none of the displayed object types are available.

  • Columns in a widget are empty if the displayed relations and attributes are not available.

  • Charts are only available if the queried object types, relations and attributes are available.

Model Time Filter
  • The Model Time Filter is only available if the object types for which the filter is configured are available.
  • Links are removed or disabled based on metamodel rights.
Organisation Portal
  • The Organisation Portal is only available if the configured model types and State attribute are available.
Reporting Board
  • Individual Reports are only available if the respective view or report is available.
Reports
  • Standard reports omit relations and attributes that are not available.
Validation
  • A check is only available if the required object types, relations, model types or attributes are available.
Charts
  • Matrix charts are only available if there is at least one available object type/relation for the row/column/cell.

  • Bubble charts are only available if the configured object type and the x-axis/y-axis attributes are available.

  • Gantt charts are only available if the configured object type and the attributes are available.

  • The dependency modeller is only available if Architecture Diagrams or Analysis Models are available. When an analysis is performed with the dependency modeller, layers which contain unavailable object types are empty.

  • Box-in-box charts are only available if the configured object types, relations and the model type are available.

Workspaces (All)
  • Workspaces are only available to users who have read access to User objects and the following attributes of those objects:

    • Name

    • Email

    • First name

    • Last name

Workspace "Application Cost Management"
  • The Application Cost Management template is only available to users who have the following access rights:

    • Write access to the Contract metamodel element and to at least one of the Application Component or Application Service metamodel elements.

    • Read access to the Association relationship.

    • For the properties listed below, read access is required unless write access is explicitly stated.

    Contract

    • Name (write access required)

    • Description

    • Annual cost (write access required)

    • Currency (write access required)

    • Valid until

    Application Component or Application Service (at least one)

    • Name (write access required)

    • Investment strategy (requires the default enumeration values)

    • Lifecycle state (requires the default enumeration values)

    Association

    • Name
note

For outgoing Association relations from Contracts, the target classes Application Component and/or Application Service must not be restricted.

Workspace "Application Compliance Assessment"
  • The Application Compliance Assessment template is only available to users who have the following access rights:

    • Write access to the Application Component metamodel element and to at least one of the Principle or Constraint metamodel elements.

    • Read access to the Association relationship.

    • For the properties listed below, read access is required unless write access is explicitly stated.

    Application Component

    • Name (write access required)

    • Investment strategy (requires the default enumeration values)

    • Lifecycle state

    • Constraint fulfillment score (write access required)

    • Principle fulfillment score (write access required)

    Principle or Constraint (at least one)

    • Name (write access required)

    • Description

    • Fulfillment score (write access required)

    Association

    • Name
note

For outgoing Association relations from Principles or Constraints, the target class Application Component must not be restricted.

Workspace "Application Investment Planning"
  • The Application Investment Planning template is only available to users who have the following access rights:

    • Write access to at least one of the Application Component or Application Service metamodel elements.

    • Read access to the Responsible business actors, Accountable business actors, Consulted business actors, and Informed business actors relationships.

    • For the properties listed below, read access is required unless write access is explicitly stated.

    Application Component or Application Service (at least one)

    • Name (write access required)

    • Business fitness (requires the default enumeration values) (write access required)

    • Business fitness score (write access required)

    • Technology fitness (requires the default enumeration values) (write access required)

    • Technology fitness score (write access required)

    • Investment strategy (requires the default enumeration values) (write access required)

    • Lifecycle state

    • State (requires the default enumeration values)

    Responsible business actors

    • Name

    Accountable business actors

    • Name

    Consulted business actors

    • Name

    Informed business actors

    • Name
note

For outgoing RACI relations from Application Components or Application Services, the target classes Business Actor and User must not be restricted.

Workspace "Capability Investment Planning"
  • The Capability Investment Planning template is only available to users who have the following access rights:

    • Write access to at least one of the Capability or Business Function metamodel elements.

    • For the properties listed below, read access is required unless write access is explicitly stated.

    Capability or Business Function (at least one)

    • Name (write access required)

    • Level (Capabilities only)

    • Strategic importance (requires the default enumeration values) (write access required)

    • Strategic importance score (write access required)

    • Maturity (requires the default enumeration values) (write access required)

    • Maturity score (write access required)

    • Investment strategy (requires the default enumeration values) (write access required)

    • State (requires the default enumeration values)

Workspace "Application-based Roadmap"
  • The Application-based Roadmap template is only available to users who have the following access rights:

    • Read access to the Requirement metamodel element and to at least one of the Application Component, Application Service, Application Function, or Application Interface metamodel elements.

    • Read access to the Association relationship.

    • For the properties listed below, read access is required unless write access is explicitly stated.

    Requirement

    • Name (write access required)

    • Description

    • Valid until (write access required)

    • Status (requires the default enumeration values) (write access required)

    • Estimated cost

    Application Component, Application Service, Application Function or Application Interface (at least one)

    • Name (write access required)

    • Investment strategy (except Application Functions) (requires the default enumeration values)

    • Lifecycle state (except Application Functions)

    Association

    • Name
note

For outgoing Association relations from Requirements, the target classes Application Component, Application Service, Application Function and/or Application Interface must not be restricted.

Workspace "Capability-Based Roadmap"
  • The Capability-Based Roadmap template is only available to users who have the following access rights:

    • Read access to the Requirement metamodel element and to at least one of the Capability, Course of Action, Business Actor, or Business Function metamodel elements.

    • Read access to the Association relationship.

    • For the properties listed below, read access is required unless write access is explicitly stated.

    Requirement

    • Name (write access required)

    • Description

    • Valid until (write access required)

    • Status (requires the default enumeration values) (write access required)

    • Estimated cost

    Capability, Course of Action, Business Actor or Business Function (at least one)

    • Name (write access required)

    • Level (Capabilities only)

    Association

    • Name
note

For outgoing Association relations from Requirements, the target classes Capability, Course of Action, Business Actor and/or Business Function must not be restricted.

Workspace "Goal-Based Roadmap"
  • The Goal-Based Roadmap template is only available to users who have the following access rights:

    • Read access to the Requirement metamodel element and to at least one of the Goal, Outcome, or Driver metamodel elements.

    • Read access to the Association relationship.

    • For the properties listed below, read access is required unless write access is explicitly stated.

    Requirement

    • Name (write access required)

    • Description

    • Valid until (write access required)

    • Status (requires the default enumeration values) (write access required)

    • Estimated cost

    Goal, Outcome or Driver (at least one)

    • Name (write access required)

    Association

    • Name
note

For outgoing Association relations from Requirements, the target classes Goal, Outcome or Driver must not be restricted.