Setting access control : System Architect Catalog Manager
System Architect Catalog Manager
System Architect Catalog Manager is an optional add-on tool that provides role-based access control to shared encyclopedias. Network or System Architect Administrators use it to control the permissions that users are assigned when they work on encyclopedias, and to control the commands users can run on encyclopedias attached to a catalog.
Typical System Architect users are not required to run System Architect Catalog Manager (SACM) to work on cataloged encyclopedias. It is not required that SACM is running when the catalog has been configured. The catalog, which is an SQL Server database on the same server as encyclopedias, enforces access control on encyclopedias that are attached to it. System Architect users only access the encyclopedia objects and System Architect menus granted to them through SACM.
What is an enterprise catalog?
An enterprise catalog is a SQL Server database that controls user access to other databases on the same server: those other databases are System Architect Enterprise type encyclopedias. Access control is enforced only on encyclopedias you attach to a catalog. The catalog manages the permissions by assigning to users, roles that determine the diagrams and definitions they can work on, and the System Architect menus and macros they can run against encyclopedias.
System Architect Catalog Manager provides two levels of access control to encyclopedia objects. The first level, role-based access control (RBAC), controls permission to object types. It is a general level of control that makes no distinction among objects of the same type. If you grant a permission to use case diagrams, then you grant permission to all use case diagrams. Instance Level Access Control (ILAC) provides a higher, more specific level of access control, where you can select different permissions for objects of the same type. For example, you can grant the “read” permission to one use case diagram, and also grant the “write” permission to a different use case diagram.
System Architect Catalog Manager and System Architect distinguish between encyclopedias attached to a catalog and not attached to a catalog. If attached to a catalog, an encyclopedia is of the type enterprise; if not attached, it is of the type professional. There are no structural or functional differences between the types, and they can be changed from cataloged to non-cataloged by attaching or detaching them from a catalog.
A user is an individual with a name and an audit ID who can be assigned one or more roles on cataloged encyclopedias. A group works the same as an individual user, except that it contains multiple members. A role that you assign to a group is assigned to all members of the group. A group itself can be a member of a different group.