Users, Roles and Access Rights
Evolve Web Platform 2020.0.1 and below: Users, Roles and Access Rights are only relevant to Dynamic Sites. Static sites are open to everyone to see who has access to the URL, and as the data is fixed and read-only permissions are irrelevant. If your Site configuration includes Access Rights and Roles, but you want to publish a Static version of the Site, then those elements are ignored in the generation. Evolve Web Platform 2020.0.2 and above: Whilst the Roles and Access Rights for the generated content are still operated at generation time, the gate to access to the site can now be controlled by Evolve Web Platform. This means that, when Static Authentication is turned on, users must be given 'Static' access, at a minimum to be able to access the site. If Static Authentication is turned off, Evolve Web Platform will still be required to check the usage mode, but will then pass through any requests for data, without further authentication. |
In order to view an access controlled Evolve Site, a User must log in with a valid Username and Password (or be given permission through Active Directory or SAML2 group acess). There are three types of User:
•Static Users - who can access a pre-generated static site. (If Static Authentication is turned off, anyone with access to the webserver will be admitted).
•Social Users - who only have read-only access to data, but can use all the Social features of Evolve, so they can Rate objects, set Favorites, collaborate using Comments and Questionnaires, and can Share pages with other Users
•Contributors - who can do all of the above, but can additionally Edit data as well, and can be involved in Workflow tasks.
•Diagrammers - who have the same rights as Contributors, but can additionally edit and create Diagrams using eModeler.
All Evolve Sites can have Static and Social Users, however a special license is required to have Contributors - and the license also controls how many Contributors you can have.
Web Modeler, for example, is a licensed application. Additional licenses are required on a per user basis in order to use Web Modeler on your Evolve Site.
Controlling who can see what?
There are two factors that determine which content a User can see in an Evolve Site:
•Roles - determine which Site pages a User can view
•CW Suite Access Rights - determine which objects a User can see, and whether they can create, read, edit or delete those objects.
NOTE: With Active Directory or SAML2 Authentication and a large number of users, it is likely that only Roles are used. |
Roles
Roles are used to determine which pages within the Site a User is able to view. That means the Menus and links in the interface are updated to remove all links to pages that the Role determines the User should not be able to see.
If a page has no Roles assigned to it, then all users in any Role can view it.
As an Evolve Administrator you can create as many Roles as you like, assign Users to those Roles, and then specify exactly which pages a Role is able to view.
If a User is in more than one Role, Evolve looks at all relevant Roles to see if the User is able to view the page.
Roles are also used with Evolve Workflow to specify who must approve changes made to data by other users.
For details on Roles and assigning Users to Roles, see: Working with Roles.
CW Suite Access Rights
While the type of User you are (Social User or Contributor) specifies what you can do in Evolve, and Roles control which pages you can see, CW Suite Access Rights and Extended Access Controls are used to determine what capabilities a User has with specific objects at a granular level.
CW Suite Access Rights can be used to make a User Read-Only, control which Models they can see, and what they can do with certain types of objects, like ones that are Frozen.
Extended Access Controls can be used to specify whether a User can Create, Read, Update or Delete objects based on either their Object Type or Category.
CW Suite Access Rights and Extended Access Controls are the final level of access control within Evolve. Even though a User might be a Contributor, and they can view a Table listing some Processes, they may not be able to edit all of the Processes listed. They may not even see all the Processes - and another User may see a different list of Processes.
For full details on CW Suite Access Rights and Extended Access Controls, please refer to the CW Suite documentation.
Active Directory or SAML2 Authentication
You can configure an Evolve Dynamic Site to automatically authenticate users based on Active Directory or SAML2 group membership.
Users authenticated in this way only have to browse to the Evolve URL and they are automatically signed in, without having to enter a username and password.
As an Evolve Administrator, you can state that Users in a specific Active Directory group should be Static Users, Social Users, Contributors or Diagrammers and you can assign them to an Evolve Role, and a CW Group.
Evolve Designer is the application used to create, configure and manage Evolve Sites.
In order to run Evolve Designer you must log in with a CW user that has System Manager rights. In addition, certain functions performed by Evolve Designer require that the application is run with administrator privileges on your machine. |
How to access and run Evolve Designer
For Dynamic Sites, or Static Sites that are directly published to a web server machine running Microsoft Internet Information Services (IIS), Evolve Designer must run on the web server itself.
We recommend that you do the following two steps to access and run Evolve Designer:
1.Create a Desktop shortcut for Evolve Designer.
2.Configure the shortcut to force the application to run with administrator privileges.do you want to do?
Create a Desktop shortcut for Evolve Designer
To create a Desktop Shortcut for Evolve Designer:
1. Right-click on your Desktop background and select New > Shortcut
The Create Shortcut wizard opens
2. Click the Browse button to navigate to and select evolveDesigner.exe
The normal installation path is C:\Casewise\evolve\Site\bin\evolveDesigner.exe
3. Click Next
4. Enter a name for the shortcut
5. Click Finish.
The shortcut is created.
Configure Evolve Designer to run with administrator privileges
To configure Evolve Designer to run with administrator privileges:
1. Right-click the Desktop shortcut and select Properties
2. Click Advanced
The Advanced Properties dialog opens
3. Select the Run as administrator check box
4. Click OK
The Advanced Properties dialog closes
5. Click OK
The shortcut Properties dialog closes.
Now, when you click the Evolve Designer shortcut on your Desktop, the program will run with administrator privileges.
Licensing
As of the 2018 release of erwin EA/BP Server, licensing is migrating to the standard erwin Inc. license system. During the migration, there will be a grace period, whereby existing customers can continue to use their existing Casewise licenses. erwin do not intend to force customers onto the new licensing, and will work with them to ensure a successful migration.
If you are considering upgrading to 2018, you should not be concerned with the new licensing system, as its usage is optional at the moment. |
The license types available for erwin EA/BP Server include:
License |
Description |
erwin EA Server |
The main server license which supports Evolve. This is usually supplied with a number of EA Contributor licenses. It often packages together both a Dynamic and a Static site license. |
erwin BP Server |
The main server license which supports Evolve. This is usually supplied with a number of BP Modeler licenses (aka eModeler). It often packages together both a Dynamic and a Static site license. |
erwin EA Contributor |
A single named user license, that enables users to modify content through a site. |
erwin BP Modeler |
A single named user license, that enables users to modify content through a site and use BP Modeler (aka eModeler). |
Activating your erwin License
The process for activating an erwin EA/BP license is very simple.
1. Support will provide you with a single license file per Server machine that requires licensing.
For example:
2. Having installed the software, copy this file to your server's desktop.
3. Double click on the file. You will be presented with a warning:
4. Press "Yes" to allow the tool to change the registry.
5. The software now has the purchased licenses activated on the server. To verify this, load the License Manager.
Open erwin CW Suite - Start Here...
6. Click on License Manager, and login.
7. License Manager will show the license code, activation count and various other attributes.
Returning your erwin License
If you need to move the license from on server to another, this can be performed up to 3 times, without contacting support.
1.Press "Return" in the "Online" section of the License Manage dialog
This will contact the licensing system, and return the license to the pool
2.Activate the software as usual on your new server.
If you run out of activations, you can have the counter reset, by contacting support.
URLs, File Paths and Directory Structures
This page explains how the URLs, file paths and directory structures work in Evolve.
Evolve Site URLs
There are three different URLs you can use to access Evolve, depending on how your deployment is configured.
Accessing the main Evolve IIS Site
The main Evolve IIS Site is only accessible if you use Evolve Dynamic Sites. If you use only Evolve Static, then this site is still created, but does not display anything. |
When you install Evolve and Configure the Server, it creates a top-level Evolve IIS Site.
The Site is used to provide the Evolve login dialog, as well as to show the page displaying the list of Model Sites that are available.
The site can be accessed using the following URL:
http://<server-name>/<evolve-IIS-site-name>/
where <server-name> is the name of your web server machine, and <evolve-IIS-site-name> is the name you specified in the Server Configuration application.
Depending on which authentication method your Evolve server is configured to use, when you access the Evolve IIS Site you log on and are then shown a list of all the Dynamic Model Sites you have access to. You can click any of the Model Site links to visit that Site.
Accessing a Dynamic Site
Dynamic Sites are published at the following URL:
http://<server-name>/<evolve-IIS-site-name>/sites/<site-url-name>/
Accessing a Static Site
Static Sites are published at the following URL:
http://<server-name>/<evolve-IIS-site-name>/statics/<site-url-name>/
File paths and directory structures
This section explains the folder structure used by Evolve on the web server machine. The names used are the default names for a typical configuration.
The Evolve files are typically found at C:\Casewise\Evolve
Within this directory, the following directories exist:
Folder |
Description | ||||||
Data
|
This folder contains all the necessary site-specific files created when you publish a Site. Includes the following sub directories:
| ||||||
Site |
Contains all the application files required for Evolve to run. Also is the home of the custom folder used to store customizations such as js, css, themes and images. Log files. | ||||||
Content |
This folder will only exist if you have had a previous version of Evolve on the machine. | ||||||
Static |
This folder will only exist if you have had a previous version of Evolve on the machine and had a Static Site published. |
Accessing object pages directly by the URL
There are two ways to access content directly in Evolve using URLs.
The Standard URL
Using the 'Share' button:
Will allow a user to share a page with another user. It is also possible to gain the same behaviour by copying the address bar URL from your browser and sharing this with other users. These URLs are model and site dependent. This means that they will only work for a given site, generated by a given model. This is because the identifier for the object is an ID that is local to the model. This is normal, and in almost all cases, is exactly what is required.
A sample of a Standard URL:
localhost/evolve/sites/voxdnoev/index.html#/cwtype=single&cwview=process&lang=en&cwid=1767
Where: cwid=1767 is the local ID for an object.
The UUID URL [Evolve 2016.1.1 and above]
A UUID based URL differs in the way that it identifies objects in Evolve. A UUID URL is still site dependent, in that the first part of the URL identifies the Evolve web site, however the latter part can be used with any site that supports the given object type, and has an object with the matching UUID. This means that objects which have been copied, or transfered by XML (or other means) from one model to another, will still be considered to be the same object.
A sample of a UUID URL:
localhost/evolve/sites/voxdnoev/index.html#/cwtype=single&cwview=process&lang=en&cwuuid= f0a9ed615e7b11e48273a08869a4da20
Where: f0a9ed615e7b11e48273a08869a4da20 is the UUID of the object.
How does this work?
When you access a URL using the cwuuid, Evolve will do a lookup in the model and redirect the page to the matching cwid.
If both cwid and cwuuid are supplied in the URL, Evolve will ignore the cwuuid parameter. |
Why might UUID based URLs be useful?
Take an example where you are running a master model in English, and take copies of this model to translate into French. You want to add the ability to reference the translated object from the English object. However, the IDs of the objects within the French model, may differ from those in the English model. It is therefore not possible to create a simple reference.
In this instance it is possible to use the UUID based URL. You can simply take the site portion of the French URL, and add the Object UUID from the English URL, and you have a new URL that can jump from French to English.
NB: To find the UUID of an object, either display this in your Evolve site design, or if you are developing a custom view, look to the JSON data structure that is returned by the Evolve server.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center