User Accounts, Profiles, Roles, and Groups

User management is a vital aspect of Open Cloud MDM, offering a comprehensive toolkit for handling user accounts, profiles, roles, and groups. This documentation delves into how these elements synergize to enable efficient user management.

In Open Cloud MDM, these components work in harmony, facilitating flexible and efficient user management. By linking user accounts to real-world contacts, defining profiles, organizing users into groups, and managing rights via profiles and groups, organizations gain precise control over access and permissions. This adaptable approach accommodates complexity, succession planning, and evolving roles, bolstering user management's effectiveness and security in the MDM system. Understanding this synergy is key to optimizing user management in Open Cloud MDM.

Independence of Rights

Rights and permissions within Open Cloud MDM are always assigned via user profiles and user groups. This independence ensures that user access remains consistent and manageable, regardless of individual user accounts. When a user's roles or responsibilities change, adjustments can be made at the profile or group level, minimizing administrative complexity.

User Accounts

User accounts are the foundation of user management in Open Cloud MDM. A user account represents an individual who interacts with the MDM system, typically associated with a real-world contact, such as an employee or customer. Several user accounts can be assigned to one contact.

Key aspects of user accounts include:

• Assignment to Contacts: User accounts are always assigned to existing contacts from the party domain stored in the CONTACT table. This ensures that user accounts are linked to real individuals or entities, allowing for accurate identification and accountability.
• Assignment History: Any changes in the assignment of a contact to a user account are meticulously recorded in the user account history. This historical tracking ensures traceability and transparency, as all assignment modifications are logged.

Use Case - Employee Change

Imagine an organization where employees frequently change roles. Instead of reassigning rights and profiles, the existing user account is updated to reflect the new role. This ensures a smooth transition and retains historical user data.

User Profiles

User profiles are configurations that define the roles, permissions, and access rights of users within the system. A user account is linked to one or more user profiles, which determine the user's capabilities and restrictions. Key aspects of user profiles include:

• Multiple Profile Assignment: A user account can be assigned to several user profiles simultaneously, allowing for flexible and granular control over a user's capabilities.
• Independent Rights Assignment: Rights and permissions are assigned through user profiles and user groups, making them independent of individual user accounts. This modular approach ensures efficient management of access rights.

Use Case - Multiple Roles: Consider a scenario where a user needs access to both sales and marketing data. By assigning the user account to both relevant user profiles, the individual gains access to the necessary information without the need for complex adjustments.

User Groups

User groups are collections of related user accounts who share common tasks, permissions, and data access requirements. User groups simplify user management by allowing the efficient administration of permissions across multiple users. Key aspects of user groups include:

• Logical Grouping: User accounts are organized into user groups based on specific criteria, such as department, job function, or task.
• Transaction Associations: User groups can be associated with transactions, defining which actions group members are authorized to perform. This association ensures controlled access to critical functions.

Use Case - Departmental Access: In a large organization, different departments have varying data access requirements. User groups can be created for each department and associated with specific transactions relevant to their responsibilities, ensuring data security and access control.

User Roles

In Open Cloud MDM, predefined user roles play a crucial role in defining the responsibilities and tasks of individuals within an organization. These roles provide clarity about which members of the organization might complete particular MDM tasks. It's important to note that these roles are descriptive and do not determine which features users can use. While the predefined roles serve as examples, organizations can define further user roles to align with their specific needs.

Predefined user roles:

• Architect: The Architect is responsible for overseeing the overall implementation of MDM into the enterprise, including setting up the infrastructure and connections to other enterprise information systems.
• Database Administrator: This role ensures the performance of data-related components, including data security and database availability.
• System Administrator: The System Administrator manages and maintains the IT environment for MDM and its operational tools, including system administration, networking, and backup.
• Solution Developer: The Solution Developer uses specifications created by Architects to build the MDM system.
• Data Steward: The Data Steward manages information quality for specific subject areas, coordinating quality controls, metrics, improvement efforts, and access authorization.
• Business Analyst: The Business Analyst provides analysis to enable the business integration of the MDM application into the enterprise.
• Business User: Business Users leverage enterprise information to achieve business goals.
• Application Developer: The Application Developer augments MDM to meet business requirements with additions and extensions.

Use Case - Role-Based Task Assignment: In a large organization, each user's role corresponds to specific responsibilities. For instance, the Data Steward focuses on data quality and control, while the Application Developer enhances MDM capabilities. These roles clarify who is responsible for what tasks, streamlining operations.