Please note : This help page is not for the latest version of Enterprise Architect. The latest help can be found here.

Configure User Security

What is User Security in Enterprise Architect?

User security in Enterprise Architect can be used to limit the access to update functions within the model.

Security in Enterprise Architect is not designed to prevent unauthorized access; rather it is intended as a means of improving collaborative design and development by preventing concurrent editing and limiting the possibility of inadvertent model changes by users not designated as model authors. Where user security is enabled a password is required to log in to the model. Elements can be locked per user or per group.

With workflow administration permissions, you can also develop workflow scripts (using the Scripter window). Workflow scripts validate and control user input.

User Security Basics

User security is available in the Corporate, Business and Software Engineering, System Engineering and Ultimate editions of Enterprise Architect. It offers two policies: the standard security mode and the rigorous security mode.

  • In the standard security mode all elements are unlocked and, as necessary, a user can set a user or group lock on any element or set of elements in order to make changes and protect those changes.
  • Under the rigorous security mode an Enterprise Architect model is read-only and nothing in the model can be edited until explicitly checked out with a user lock.

For more detailed information on the security policies see the Security Policy topic.

User Security Tasks

A number of security tasks can only be performed by users with Administrative rights to the model. These tasks include:

Other Security tasks can be performed by users who do not have Administrative rights. These tasks include:


  • User security is not enabled by default in Enterprise Architect; you must enable it first.
  • For a number of operations in Enterprise Architect, if security is enabled a user must have the appropriate user or group access permission to perform the operation. However, if security is not enabled, the user does not have to have access permissions. See the List of Available Permissions topic.