How can I authorize who has access to particular projects, diagrams and folders?

By Authorizing an organization, groups and users you give them user rights to access and manipulate particular projects, diagrams and folders.

The users and groups can be created by a user in the User Manager role using Users and group setting tool.

There are no separate rights for items inside Roles, Documents and custom type folders. Every user who gets a Create right for the specific type folder (so, he can create a new items in this folder) gets automatically a right to rename or delete any item inside.

Since the Tables, Roles and Documents folders are fixed system folders and cannot be renamed, hidden or deleted, nobody can remove the Read right or get the Update or Delete rights for these folders.

Moreover, the custom types cannot be hidden so nobody can remove the Read right for them.

A user automatically inherits his rights from the organization his is in and from all groups he belongs to. This means that although a user is not explicitly shown in the authorization dialog for a specific project, diagram or folder he can still have some rights that are indirectly inherited.

You can see an overview of all actual rights for one selected folder or diagram in the Authorization overview report.

If you want to see an overview of rights for all elements of the open project at once use the Project authorization overview.

To authorize users to access and manipulate certain folder or diagram select it in the Project pane and then press the Authorization button in the Authorization group of the Collaboration tab. If you want to authorize the whole project press the Project authorization button

AuthorizationGroup

The following dialog appears:

Initially, the creator of a project gets all the rights for it. He can grant or pass these rights to other users using this dialog.
The creator of a folder or a diagram also gets all the rights if the content rights are not defined for the embedding project or folder.

(Note: If you have upgraded your licence to Suite then the initial authorization for all projects, folders and diagrams created before the upgrade is granted only to the whole organization.This means that all users have all rights in this case. To limit them you have to remove rights from the organization and assign them to groups or to specific users.)

If you yourself do not have the Authorize right for the selected element then this dialog will open in the read-only mode. You can see who has what rights but you cannot change them.

If you want to change a specific right for an organization unit (user, group or organization) that is already in the list on top of the dialog just click this unit and then check on or off the corresponding boxes in the list below.

If you want to remove all rights of some organization units, select these units and then press the Remove user/group button.

If you miss a group or a user in the list press the Add user/group button, select a user, a group or the organization from the list that appears and press OK. You can select more than one item here. You can also search for an organization unit typing its name in the search edit box above the list. The list will be automatically filtered while you type.

Now, you can assign specific rights to the added unit by checking corresponding boxes below. 

Check Replace authorization on lower level folders and diagrams with this set of authorizations if you want to apply the specified authorization to all folders/diagrams included in the currently authorized project/folder.
Check Apply only new added and removed authorizations on lower level folders and diagrams if you want to apply the authorization changes to all folders/diagrams included in the currently authorized project/folder. 
Press the OK button to apply these settings.

If you check Apply only new added and removed authorizations on lower level folders and diagrams then you will be informed what are the changes that will be really applied. In the message below you can see that one user will get the Delete right whereas another one will lose the Publish right.

It may happen that you will try to authorize a user to read a diagram whereas he cannot even read the whole project or folder where the diagram is in. Then, Engage Process Modeler will try to fix this problem for you. You will get a message like the following one. 

This message is informing you that the folder the diagram is in and the whole project together with its type folders will become readable for this user as well.

Every project, folder and diagram must have at least one user who has the full control over it (an owner). This is a user who has both Read and Authorize rights. If the changes to the authorization deprive the last user of these rights the changes will not be accepted. You will get the following error message:

Notice that even if none of the check boxes in the left column are checked yet the read-only check boxes in the right column that specify the actual combined rights may be already checked. This is because a user inherits rights from all the groups he belongs to and users and groups inherit rights from the organization. You can check the membership of a user or the list of members of a group by clicking the Show Membership/Show Members button. The dialog with the group or user list appears.

This membership can only be changed by an authorized person in the User Manager role (see Add/remove group members).