About user permissions

A set of simple user permissions can be applied at both the database level and the model group level.

Types of user

With access permissions activated there are four types of InfoWorks WS Pro user:

• Database owner - A database owner has full administrative powers over the database. Details
• The creator of the database automatically becomes a database owner.
• There can be more than one owner of a database.
• Only database owners can turn user permissions on or off.
• Only database owners can create model groups at the top level of the database.
• Only database owners can copy model groups and then paste them at the top level.
• Only database owners can assign owners to model groups. This is true even if the model group is a sub-group of an existing model group.
• Only database owners can turn protection of global settings on or off.
• Model group owner (full) - Appointed by a database owner, the owner of a model group has full edit and delete powers over that model group. Details
• Only database owners can create model groups at the top level of the database. Model group owners can create additional model groups within the group they own.
• By default, model groups at the top level have no owners.
• Ownership of model groups is recursive. Owners of a model group will also have full edit and delete powers over "child" model groups contained within the model group.
• Who owns a model group can be seen in its properties dialog. The properties dialog will only display owners that have been specifically appointed to that group and will not display owners of parent groups. For example, if parent Model Group A with owner 'user1' has a sub Model Group B, 'user1' will only appear in the properties dialog for A although 'user1' will also have full edit powers over B.
• Model group owner (branch)- Appointed by a database owner, the branch owner of a model group has read-only access to 'parent objects' in the model group, but may create and edit branches from parent objects. Details
• Parent objects are those objects created by a full model group owner or database owner.
• A branch owner cannot carry out any editing on parent objects in the model group, but may be able to carry out other operations that do not alter the underlying data (for example, creating selection lists and workspaces).
• A branch owner can check out and create a branch from a version controlled parent object in the model group and can extend a branch that they have created.
• A branch owner would not be able to commit parent objects.
• A branch owner can only work with version controlled objects using the lock method. They cannot use the merge method. Refer to Managing version controlled objects for more information.
• Database user - A database user has read-only access to the database. Model group owners are also database users and have read-only access to model groups that they do not own. Details
• A database user cannot carry out any editing but may be able to carry out other operations that do not alter the underlying data. A database user can:
• re-run simulations that have previously been run successfully
• create and use graphs
• create and use layer lists
• create and use label lists
• create and use selection lists
• create and use stored queries
• create and use themes
• create and use workspaces

General information about user permissions

It is not obligatory to activate user permissions. With user permissions turned off, all users have database owner powers.

You can check whether user permissions are activated or not on the InfoWorks WS Pro About Box. It will also tell you who the database owners are, and if the current user is a database owner.

When user permissions are activated, you can tell who owns a particular model group by right-clicking the group, choosing Properties, then clicking the Owners tab.

There are a number of database-wide settings that, by default, can be edited by all database users. These global settings can be protected, allowing only edits by database users to be saved.

If a database owner makes changes to InfoWorks WS Pro user permissions, these changes will not be applied to users who are currently using the master database until they exit InfoWorks WS Pro and open the application again.

The user turning on permissions for the first time is automatically added as a database owner. This prevents a situation where nobody has ownership of the database and all potential users are locked out.

Security

The user permissions implemented by InfoWorks WS Pro are designed to prevent users from accidentally making changes to data they should not be editing. It is not a foolproof solution to deliberate sabotage, although it will make this much more difficult.

To ensure the best security for your data, you should also:

• have a sensible strategy for backing up your database (see About backing up your data)
• control user access at the server level

IWLive Pro permissions

The permissions implemented to control access to various areas of the IWLive Pro software application are set up in the IWLive Pro Permissions dialog. This dialog is accessible from InfoWorks WS Pro to administrators (when no objects are shown in the main window) by selecting File | Master database settings | IWLive permissions. This menu item is enabled only when user permissions are implemented for the current database.

Like general permissions, permissions for IWLive Pro are implemented on a per database basis.