Although Ardoq Discover aims to make your Ardoq data more accessible, Ardoq administrators still need the ability to set permissions to govern which people or groups can access which data.

Overview

Types of Permissions

Ardoq Discover User Rights

Ardoq Discover Admin Rights

Connection to Roles in Ardoq Core

Permissions in Practice [an Example]

Types of Permissions

Permissions in Ardoq Discover are based on Viewpoints. Ardoq administrators can grant read access to Viewpoints to different users and roles, and these permissions will determine who can see which information in the application. People or groups can have edit permissions, read permissions, or no default access.

Permissions can be set from the Viewpoint Builder asset management page by clicking on the three-dot control:

This opens the permissions dialogue where Ardoq administrators can assign permissions for pre-existing users and groups.

Edit Permissions

Only Ardoq administrators have edit permissions for Viewpoints. This means that Viewpoints can only be created or modified by administrators and that administrators keep centralized control of data access rights. This ensures that Viewpoints are defined by the users with the best understanding of the Ardoq organization’s repository structure.

Read Permissions

By default, Ardoq administrators have read permissions to all Viewpoints. Ardoq administrators can grant read permissions to a Viewpoint to any user or group.

With Read Permissions, a user or group will:

  • See that Viewpoint in the Viewpoint Selector menu

  • Get read permissions to all the workspaces connected to that Viewpoint

  • Have read access to all components and references included in all the Viewpoints they have read access to. For example, if a user or group has access to a Viewpoint containing server data, then they have access to server data even if they have not been granted access to any other Viewpoints containing servers.

This differs from core Ardoq where permissions are on a workspace-by-workspace basis. Without Read Permissions, the Viewpoint will not appear in the Viewpoint Selector menu at all. The thinking behind this is that someone with read access to a Viewpoint should have read access to all the underlying workspaces otherwise they should be given read access to an alternative viewpoint that excludes sensitive data.

Thirdly, it’s important to understand that the component and reference types a user has access to see depend on all the Viewpoints they have read access to.

Ardoq Discover User Rights

Ardoq Discover users have access to the Ardoq Discover platform where they are a consumer of the viewpoint information provided by the admin. In addition, they are a contributor of the role-specific expert knowledge to the enterprise knowledge graph.

Here are 4 things users can do in Ardoq Discover today.

1. Use the search bar

Search Bar on The Ardoq Discover Home Page

Today Ardoq Discover users can access the Ardoq Discover home page and type the information they’re searching for in a search bar. This is the fastest way for a user to find everything related to them in the organization.

Quick Search Bar on The Viewpoint Page

If an Ardoq Discover user wants to compare a few components of the same viewpoint, they can do it on the viewpoint page using the quick search bar.

The quick search feature brings the essential functionality of the search bar from the Discover home page to the Viewpoint page allowing users to view data in parallel and in the same viewpoint.

2. Access the Viewpoint Selector menu

By default, every user has access to the Viewpoint Selector menu, the “Browse” feature in the search bar. However, they see only the workspaces associated with a Viewpoint shared by the admin.

This menu offers an alternative to a search bar. It helps users find information related to a specific part of the organization.

3. Access viewpoints

An Ardoq Discover user only accesses viewpoints shared with them by the admin. A user accesses viewpoints via the email notification link or from the Ardoq Discover home page. Through the viewpoints, users can run instant impact analysis, identify experts, and explore how they’re connected to the wider organization.

4. Contribute their knowledge

In order to automate workflows and support constant improvements, users contribute their knowledge to the Ardoq Discover knowledge graph by answering the surveys linked to the component types in Discover whenever information related to a role should be updated.

Get in touch with the admin

To facilitate communication and support between an Ardoq Discover user and admin, we added the "Contact admin" feature that can help users contact the admin in case they face any challenges while working with a viewpoint. They can also request changes to the viewpoint or data in the view.

The user can easily find the viewpoint admin’s contact information directly on the viewpoint’s page as well as a message template including a link to the viewpoint. They can use this template to send an email to the relevant admin.

Ardoq Discover Admin Rights

An Ardoq Discover admin role focuses mostly on the distribution of the role-specific insights across the organization. An Ardoq admin can:

  • Create viewpoints and assign permission rights to the viewpoints.

  • Create or modify surveys and enable them in Ardoq Discover.

  • Create or modify broadcasts and link them to the viewpoints in Ardoq Discover.

In order to provide both Ardoq Discover admins and users with the best experience, we roll out improvements constantly. This means that the list of features available to an admin and a user may change in the future. All Ardoq Discover customers will be notified of any changes.

Connection to Roles in Ardoq Core

Typically, an Ardoq Discover user has the “Contributor” role in the Ardoq core app.

If the user is only a Contributor in Ardoq, they will need to have "Access to viewpoint" permission to access a Viewpoint in Discover. If they do not have access to any viewpoints, the result page will be empty.

Permissions in Practice [an Example]

Let’s take a look at how this works in practice.

An Ardoq administrator will have access to all data in Ardoq Discover. This means firstly that the administrator sees all workspaces in all viewpoints in the search bar’s hierarchy browser.

If the administrator goes into to view a particular component - let’s say the SAP ERP application - then they’ll see all its associated components to one degree of relationship.

Now, let’s say they have defined a new Viewpoint consisting of 4 component types: Business Capabilities, Applications, Servers, and Locations. Each of these types sits in separate workspaces with the same names.

Now they grant a user read access to that Viewpoint. It’s the only Viewpoint this user has access to.

Now the user Diana can access Ardoq Discover and she can search in any of the workspaces included in the Viewpoint. Permissions also include the parent folders of those workspaces, so she can see these but can only see the workspaces within the folders she has access to, not the contents of the whole folder.

Next, when Diana searches for the same application - SAP ERP - she still sees the default viewpoint view, but this time only sees the component types included in her Viewpoint.

She cannot see locations here because the default viewpoint only goes one step from the context component, and locations are two steps away. If she recontextualizes on a server, she’ll then see the location components.

Did this answer your question?