To control what a Redpeaks end user can see and modify among all defined SAP systems and their associated monitoring configuration. This is controlled by the definition of Permission and Authorization Profiles

• Permission Profile will determine what can be changed (create, update, delete) in systems, connectors, monitors, SAP users and monitoring configuration.
• Authorization profiles are used to associate permission profiles with SAP systems.
• The association between permission profiles and SAP systems can be done by:
  • Groups (company): All systems belonging to the group will be associated to a permission profile.
  • Tags: All systems flagged with the same tag.
  • Group and Tag: All systems within a given group AND flagged by the same tag.
• User profiles: are used to associate a single user to one or several authorization profiles. This will define what the user will see and what he can modify.
• A user will only see the systems being associated to permissions profiles associated to his authorization profiles.

Be aware that users authorization management elements, workflow and settings prior to Redpeaks 6.7 will be completely obsolete. All assignments User - User Group and user Groups settings will be lost and not taken into account. Please adapt all settings made in Redpeaks older versions to the new Authorization policy.

• From the Users and Authorization menu, you can manage permission profiles
• A Permission Profile defines the kind of actions (create, update, delete, assign, etc) that will be granted or denied on following entities:
  • Systems
  • Connectors
  • Monitors
  • SAP Users
• You can define several profiles according to your needs:

• Enter a unique profile name
• Define permissions for each entity:
  • Systems/Connectors: Actions on systems and connector profiles
  • SAP users: Actions on SAP users profiles
  • Profiles: Define if the profile allows to assign monitoring profiles to connectors
  • Monitors: Set permissions allowing to edit a monitoring configuration (monitors) associated to a connector
  • Reports: Allow or deny permission to View (then Download), Delete and manually send by email Redpeaks Reports
• To allow read only access, simply create a profile without any checkbox active.

• An Authorization Profile establishes on which the Redpeaks elements a given number of different Permission Profiles will apply.
• It gives the possibility to Administrators to grant or deny users to access to this Redpeaks features :
  • Create, Update and Delete Profiles : These settings will allow users to perform actions on Profiles not yet assigned to systems connectors
  • View Change tracking : Allows or denies users to access to the “Change tracking” history feature.
  • Notice that settings listed above will be effective
• About visibility : Notice that the simple fact of assigning ANY Permission Profile to a given Group (Company) within an Authorization Profile will make this Group visible (displayed) in Redpeaks console of the users affected by the Authorization Profile
• To access Authorization Profile management : Administrator Settings → Users and Authorizations → Authorization profiles

• Enter a unique profile name (be aware that Redpeaks will check that the name is unique when saving the profile).
• Check the global actions that are going to be granted on monitoring Profiles (Create, Update, Delete)
  • Notice that this will allow or deny a user to change profiles monitors settings globally
  • Only Profiles that have not been assigned yet to a connector will be affected
• Check/uncheck View change tracking
  • This action will allow or not a user to see all Redpeaks Changes tracking records

• Redpeaks Administrators can assign multiple Permission Profiles to a single Authorization profile.
• In the same operation, each Permission Profile can be applied to one or more Groups (Companies) and/or to one or more Tags.
• In the example here below, Redpeaks Administrator will create an Authorization profile named “FullAccessOnCompanyAandCompanyBTagDev” and will assign to it the Permission profile named “FullAccess” previuosly created.
• This “FullAccess” Permission profile will be granted to all Systems of Company “CompanyA” and only to Systems tagged with Tag “DEV” belonging to “CompanyB”

• Click on “Assign”
• In the same line, three dropdown lists will be displayed : Permission profile, Group (Company) and Tag. A button “Add” is also displayed
• In the example above illustrated :
  • Select Permission profile “fullAccess”
  • Select Group “CompanyA”
  • Select NO Tags
  • Click on “Add” (the corresponding row will be now displayed on the screen)
  • Select Permission profile “fullAccess”
  • Select Group “CompanyB”
  • Select Tag “DEV”
  • Click on “Add” (the corresponding row will be now displayed on the screen)
  • Click on Save
  • ATTENTION : If you are creating the Authorization profile and at the same time assigning Permission profiles remember to * click on Save to save all assignations * and then to click on Save to save data entered for the creation of the Authorization profile itself

• Redpeaks gives Administrators the possibility to establish priorities concerning the order on which all permissions will apply to ProMonitor elements (Systems, Connectors, etc)
• To modify permission priorities, edit the Authorization Profile and use the arrows of each assignation (see image below)

• Administrator have the possibility to assign one or more Authorization Profiles to a ProMonitor user.
• To access Redpeaks Users management : Administrator Settings → Users and Authorizations → Users
• Click on the Edit icon corresponding to the User you want to modify
• Select one Authorization Profile
• Add, Save

Find here below some examples illustrated step by step :

• Granting read-only rights on only one company
  
• Allowing full access on two companies
  
• Granting read-only rights on two companies and create/update on another company
  
• Different access types depending on companies and system tags