User management

[qwerty]

We have several EA repositories on a SQL server where a couple of modellers work. Since we use Require Lock to Edit we have EA security enabled. The problem we have here is that all users need to be maintained individually in the single repositories. What we currently do is exporting the users as reference data, login to the other repositories and import the users. This is quite tedious. It would be much more convenient if I could tell EA to directly map the users to other repositories. (I just remember a post where Uffe wanted model elements representing EA repositories. How nicely that would fit here.)

Honestly, taking the above step it should not be difficult to have some kind of central user management. E.g. by having a master repository. Which in turn could contain Uffe's repository elements to model the deployment.

q.

[Geert Bellekens]

Another solution to this could be to use Active Directory groups.
For me it would be ideal that I only need to add someone to the correct AD group to get them access to the appropriate EA models.

Geert

[qwerty]

But that would need an sys admin on the windoze side?

q.

[Uffe]

Yes, but you basically need that anyway, since that's the way you manage access to the databases. Unless you either
a) do that manually, which is a pain, or
b) use a single database user account for all EA users, which is poor security.

It would be *very* nice to be able to specify a single AD-group-to-EA-group mapping, in other words to say "all Windows users belonging to AD group X shall be allowed to log into this project as members of EA group Y."
That would be for the large-scale deployment scenario. For the medium-scale one, I agree it would be useful with the "import users from other project" feature. And there is a precedent for this type of function already: baselines.

[qwerty]

Yes, but you basically need that anyway

No. I'm an EA admin but thankfully not one for Windoze. Maybe I'd think different if I were one.

q.