Defining users

When you define users, consider which users need access to the Collaboration Server system and which users can wait or have their needs addressed in other ways.

You must limit the number of users of the Collaboration Server system. You must provide access to only those who will benefit the most from the features of the Collaboration Server system during the initial phases of implementing the Collaboration Server system. In later phases, because the Collaboration Server system hosts more data and business processes, you can add more users to the Collaboration Server system. The developers can concentrate on answering the needs of a smaller group of users at a time and the client can manage change efficiently.

You can place the users into two groups based on their level of activities in the Collaboration Server system.
Users with higher interaction with Collaboration Server
These are the users that have a reasonable amount activity in the Collaboration Server system. They might participate in the workflows and add, delete, and modify referential data in the Collaboration Server system on a regular basis.
Users with lower interaction with Collaboration Server
These users mostly query information with little or no editing authorization.
To avoid concurrency problems, try to limit the number of Users with lower interaction with Collaboration Server that have direct access to the Collaboration Server system. Here are some suggestions for limiting the number of users:
  • If the users with lower interaction with Collaboration Server log into the PIM system to search for the same information, on a regular basis, then it is better to send out a report to these users instead of giving them access to the Collaboration Server system. For example, if a group of users are interested only in the products that have gone live in the last week, then a report can be sent to this group instead of allowing the group to have access to the Collaboration Server system to query this information. This approach will reduce the burden on the Collaboration Server system. If there are 50 users that might search this information, instead of querying the Collaboration Server system 50 times, you can send a report that can run at a relatively down time.
  • If the information that the users with lower interaction with Collaboration Server is interested in is also available in another module such as the Merchandising system, then redirect the user to the Merchandising system.
  • If a system requires an extensive number of users to query referential data, integrate with an external search engine, such as Endeca to enhance the Collaboration Server system's search and presentation capabilities. Endeca needs to be purchased and is independent of IBM® InfoSphere® Master Data Management Collaboration Server . Because Endeca has its own database, users with lower interaction with Collaboration Server will query Endeca's database instead of querying the Collaboration Server system. To keep the external database updated, you can create an export from the Collaboration Server system that runs regularly.

Creating users

You must consider the following things when you create a new user:
  • Tasks performed by the new user.
  • Type of access privilege required.
If you want to integrate the Collaboration Server system with LDAP, then you can use LDAP for the user creation and authentication tasks.

Roles

To provide different access privileges to different users, you must define different roles preceded by the company name (company_role name). For example, you can define roles such as Acme_Admin, Acme_basic, and Acme_content_author preceded by the imaginary company name, Acme:
Acme_Admin
You can design this role to have all the access privileges. Users in the admin role can control all the other roles in an organization. You cannot edit the <companyname>_admin role.
Acme_Basic
You can design this role to have basic access privileges such as view access. You can edit the <companyname>_basic role.
Acme_Content_author
You can design this role to have basic access privileges such as add, edit, delete, and view access. You can edit this role.

Managing users

You can group the users in organizations. You can model the organizations as either external (customers or business partners) or internal entities that are separate business units within the company. You can use organizations to separate all suppliers or business units. You can create an organization spec to track the business unit information.
You can manage the users that you create but you cannot delete or recycle users:
  • After a user is created, you cannot delete the user.
  • Do not recycle user names. Although you can update role, locale, and personal settings assignments easily, the automatic audit trails of the Collaboration Server system will make tracing difficult. For example, a user with a user name Smith quits the company in January. In March, a new employee is hired and the same user name Smith is given to this new user. It will be difficult to trace the changes that are made in the Collaboration Server system by these two employees who were using the same user name without their employment dates.
If you integrate the Collaboration Server system with LDAP integration then you can handle all user maintenance with LDAP. Otherwise, you must create and manage the new users in the User Console in the Collaboration Server system or you can use a script to create users.
Note: You cannot delete a user from the application. It is not advised as it could corrupt the internal audit trail. Instead, if you do not want a particular user as part of the application, you can disable it. Moreover, deletion of the users should not be attempted directly from the database either as it could potentially corrupt your data.

Mapping roles to users

Mapping of roles to users is required to inherit the privileges from the roles to the users.

Some of the roles are defined by the business processes. For instance, for a New Product Introduction (NPI) process you can define roles for every department that is involved in NPI.

Each user needs to be assigned a minimum of one role in order to have access to objects, but you can assign multiple roles to a single user. However, if the two roles are in conflict with each other (for example, if they have different catalog access privileges), resolving that conflict takes time and typically results in poor page rendering performance typically results.


Last updated: 22 May 2018