1. Individual users are created in Mirata using their first name, last name, and email address. Each user must have a unique email address. 
2. User settings determine how the user can log into the Mirata platform. The user management provider can either be the Mirata provider “Cognito” or another provider specific to that Mirata org that provides access through the company’s SSO (i.e. Azure).  
3. External System User IDs are used for integration with SAP so that transactions a user makes back to SAP can use their individual external user ID instead of a generic one for all transactions. 
   

1. Groups are used to group users together who should all have the ability to perform a set of actions in the system. 
2. A user can be part of multiple groups and groups can have multiple users in them. 
3. Rights to perform actions in the system are assigned to a group for a particular form type. 
   

Group Name	Description
Assembler Group	Assemble forms, incorporating additional components such as backend actions, data tables, templates, etc.
Designer Group	Create forms, workflows, and templates in the designer
System Administrator Group	Admin access to all components
User Administrator Group	Create/modify users
Inactive Users Group	Group with no rights to perform any actions in the system or log into the inbox, designer, or admin tool. Used for non-Mirata users to deactivate them

1. Role privileges consist of a user role and the rights needed to perform that role.
2. The list of rights is divided into three different categories of rights as follows:   
1. Regular rights - These are rights not associated with a group or a form type.
   
2. Group rights - These are rights needed to interact with groups and/or users.
   
3. Form Type rights - These are rights needed to interact with objects that are associated with a form type such as a Form Definition, or a Form Workflow. 
   

Regular Rights
Form Type	Add and maintain the list of form types
Image	View/add/edit images in the image gallery
DataTable	View/add/edit a data table
Connection info	View/add/edit a connection (SAP, maximo, etc.)
Backend Action Definition	View/add/edit a backend action (add record to data table, fetch from SAP, etc.)
Organization	Modify the organization information (name, main contact, time zone, administrators, etc.)
License	Not used at this time
Role Rights	View/add/edit user roles and the rights needed to perform the role
Queries	View/add/edit submission queries
Template Definition	View/add/edit template definitions
Log Info
Log Info Read	View the error log info
Form Type Rights
Definition	View/add/edit form definitions
Form Instance	Add/edit/delete individual form instances of the definition (also called submissions)
Workflow	View/add/edit workflow definitions
Mapping	View/add/edit import mapping definitions
Group Rights
Group	Interact with groups to read their properties
User	Interact with users to read their properties
User Management	Reset passwords and enable/disable users
Login Rights	Log in to different areas of the Mirata platform (i.e. the inbox, designer, and admin tool)

1. Form roles are assigned to a user or group to provide that user or group with the role right.
2. If a group is specified in the form role, then the rights apply to that specific group and all child groups.
3. If a form type is specified in the form role, then the rights apply to that specific form type.
4. A wildcard can be specified for the form type on the form role which will append a “*” to the form type for the rights apply to the specific form type and all children of that form type.

Role Right	Description	Standard Group Assignment
System Administrator	Administrator role, superuser rights	System Administrator
Designer	Form developer role to configure forms and workflows	Designer
Assembler	Form developer role to configure data tables, backend actions, etc. and add them to forms	Assembler
Form User	Form user role, rights to create and update form submissions	N/A
Form Reader	Form user role, ability to view form submissions	N/A
Group Administrator	Administrator role, ability to add new groups and users	User Administrator

1. Every form must have one and only one form type. You set the form type when you create a form and you can later change the form type in the Admin Tool if needed.
2. By assigning roles to users, you define which users have access to which forms based on the form type assigned to that form.
3. For types are hierarchical, so you can have parent and child form types.
   

1. Control From Creation Permissions: Ability to create Work Clearance Management forms is limited to those who have access to the “WCM Forms” Form Type.
2. Task Handover: Transition from Technicians to Supervisors easily. Once Technicians complete their portion, automatically hand over the form to the Supervisors group using workflow form assignments, so a supervisor can complete the approval stage. 
   
3. Role-Specific Permissions Within the Form: Control who is authorized to complete certain actions in the form, such as limiting final form approval actions to those in the Supervisors group.