Bentley Communities
Bentley Communities
  • Site
  • User
  • Site
  • Search
  • User
Licensing, Cloud and Web Services
  • Welcome to Bentley Communities
  • Bentley's Communities
  • Licensing, Cloud and Web Services
  • Cancel
Licensing, Cloud and Web Services
Licensing, Cloud and Web Services Wiki Entitlement Groups - Managing Access
    • Sign In
    • Eastern Europe Continuity Plan
    • Guest Accounts - Review Access
    • -Web Services
      • +CONNECT Center
      • -Subscription Services Portal
        • +Subscription Services Portal Overview
        • +User Management 2.0
        • -Entitlement Management
          • Entitlement Country
          • Server Product Access Keys
          • -Application Entitlement
            • +Application - General Access
            • Default Access
            • -Entitlement Groups - Managing Access
              • Managing SELECTserver Activation Keys in SES
            • IMS Users
          • +License Alerting
          • Evaluations
          • +Practitioners
          • +License Checkouts
          • +SELECTserver to SES Migration Guide
          • +What's New in Entitlement Management?
          • Change History
          • +Known Issues
          • +Machine Registration for non-SELECT accounts
          • Missing ProjectWise licenses on Application Portfolio page
          • Practitioner Entitlements - Azure Marketplace
        • +Roles and Permissions (Role-Based Access Control or RBAC)
        • +Service Request Manager
        • +Software Downloads
        • +Subscription Analytics
        • Software Administration
        • +Virtualized Environments
        • Enterprise License Subscription (ELS) Eligibility List
      • +Bentley Cloud Services Overview
      • Status Dashboard
      • Account Status: ON HOLD
      • We didn't recognize the email address or password you entered
    • +SES Activation
    • +CONNECTION Client
    • +CONNECT Advisor
    • +Federated Identity
    • +SELECTserver based Activation
    • +Pre-SELECTserver Based Activation
    • +Product-Specific Licensing
    • Understanding why you received a TL Invoice
    • Working from Home using Bentley Licensing
    • +Licensing Workflow
    • How to leave a Product Review
    • +Serviços ProjectWise 365
    • About Bentley Trust Licensing
    • Customer Number, Account Number, Entitlements, Users
    • How to delete Bentley account and all related data
    • Support for non-Bentley technologies utilized by Bentley products
    • Support for V8i applications after December 31st, 2021
    • +Support Homepage - Localized
    • What you need to know/request when consolidating Accounts

    Entitlement Groups - Managing Access

    Entitlement groups allow easier management of entitlements across a group of users. The entitlements that the group’s users are allowed to access are defined by the Allowed Applications list. 

    Users will be denied access to applications outside of that defined list unless the user is in another group that allows access (see What happens if a user is in multiple Entitlement groups?).

    If the Allowed Applications list is empty, as it will be when first setting up a group, it’s assumed that the configuration is still in progress, so the empty list is not applied. This means that users in the entitlement group will not be blocked from all applications if the list is empty.  It will try to apply previous configured exceptions from the old-style groups, if any exist, or apply the access setting from the country-level.

    • How is this different from previous Entitlement group behavior?
    • What happens with previously configured Entitlement groups?
    • What happens with previously set User level exceptions?
    • How to check what exceptions were previously configured in Entitlement groups
    • How to create a new Entitlement Group
    • How to enable Entitlement group changes
    • How to add Allowed Applications to restrict users in a group to a strict list of entitlements
    • How to extend a user's entitlements to include the Entitlement country entitlements plus the group's list Allowed Applications
    • How to Convert existing entitlement group exceptions into Allowed Applications
    • What happens if a user is in multiple Entitlement groups?

    How is this different from previous Entitlement group behavior?

    Previously, entitlement groups used an Exceptions list that could be used to override an application’s access setting at the country level. If the group did not have an exception for the application, then the country-level access setting was used.

     Entitlement groups now use an explicit Allowed Applications list that defines which applications entitlement group’s users can access.

    What happens with previously configured Entitlement groups?

    Previously configured Entitlement groups that have exceptions will continue to operate as before until the Allowed Applications list have been configured.  As soon as one application is added to the Allowed Applications list, that list will define the entitlements that the group’s users are allowed to use.

    To convert previously configured exceptions into the Allowed Applications list, please see How to Convert existing entitlement group exceptions into Allowed Applications

    What happens with previously set User level exceptions?

    Previously set User level exceptions will not change: they will continue to take the precedence over group-level access settings.

    How to check what exceptions were previously configured in Entitlement groups

    The only way to see allowed and blocked exceptions previously set for a certain entitlement group is through the conversion dialog.

    To access it:

    1) Login to https://subscriptionservices.bentley.com/ with a user that has Account Admin or Co-Administrator role

    2) Navigate to Entitlement/License Management (https://connect-entitlementmanagement.bentley.com/#!/Account/SubscriptionInformation) from Enterprise portal Entitlement/License Management tile or left navigation menu

    Entitlem3ent Management Tile

    3) In left navigation menu under Users and Groups icon select Allowed Access Group https://connect-entitlementmanagement.bentley.com/entitlement/groups

    4) Select The entitlement group (if no groups appear, then they have not been created - Entitlement Groups are created under User Management)

    5) Click on a convert button

     

    6) A dialog opens and shows all group level exceptions that were created for this Entitlement Group.

    How to create a new Entitlement Group

    To create a new Entitlement Group please follow the steps described in this article.

    How to enable Entitlement group changes

    To enable changes described above, at least one application needs to be added to Allowed Applications list. Otherwise all entitlements available to the account will remain available to the group users.

    You can either add allowed application or convert previously set entitlement group exceptions.

     

    How to add Allowed Applications to restrict users in a group to a strict list of entitlements

    1) Login to https://subscriptionservices.bentley.com/ with a user that has Account Admin or Co-Administrator role

    2) Navigate to Entitlement/License Management (https://connect-entitlementmanagement.bentley.com/#!/Account/SubscriptionInformation) from Enterprise portal Entitlement/License Management tile or left navigation menu

    3) In left navigation menu under Users and Groups icon select Allowed Access Group https://connect-entitlementmanagement.bentley.com/entitlement/groups   

    4) Click on a previously created Entitlement group name, you will see the following -

    5) Start typing in the application search and a dropdown will appear

    6) Select Allowed Applications tab

    7) In the Search field search for an application that you want this group to HAVE access to. Select the application and click on a blue plus sign

     

    8) Selected application appears on the list. You can repeat this to add many applications in one go.

     

     9) Leave the option to Include Allowed Applications from the entitlement country turned off.

    10) Once the group has at least one application in Allowed Applications list, all other applications are blocked for Activation Keys and Group Users associated with this group.

     

    How to extend a user's entitlements to include the Entitlement country entitlements plus the group's list Allowed Applications 

    Follow the same steps to How to add Allowed Applications to restrict users in a group to a strict list of entitlements, but enable the option to Include Allowed Applications from the Entitlement country.

    Turning on this option will provide the users in the group all of the entitlements from their Entitlements country plus any of the Allowed Applications added to the group.  This will override any Denied access settings for the products that might have been set at the Default or Product level. 

    This is a good way to limit who can access certain products as they can be Denied for everyone else in the organization by using the Product-level or Default-level access controls and Allowed only for the users in a particular Entitlement group.

    Include Allowed Applications from the Entitlement country option is also shown in Entitlement Groups list, Allowed Applications Included column. Applications column in the same page shows number of applications enabled for the Entitlement group. It does not add applications from Entitlement Country when such are enabled.

    Note: it's important to keep in mind that all Allowed entitlements are additive across all of a user's Entitlement groups.   If a user is in multiple Entitlement groups, that user will have access to all of the Allowed entitlements defined by all of their groups together.  If the option for Include Allowed Application from the Entitlement country is turned on for one of the user's groups, even if it's off for the other groups, the user will have access to all the Allowed applications for their Entitlement country as well as all of the products in the Allowed Applications list for all of their groups.

    How to Convert existing entitlement group exceptions into Allowed Applications

    Administrators can convert previously configured exceptions into the Allowed Applications list using the steps below.  This conversion will take the exceptions configured for Allowed and add them to the Allowed Applications list.  Any exceptions that were configured for Denied will not be converted as leaving them out of the Allowed Applications list will have the same effect.  At the end of the conversion, all previously configured exceptions will be removed.

    Note: This convert functionality only allows administrators to take the exceptions list from an Entitlement group that was  previously configured in Entitlement Management and move that list into the Allowed Applications list.  The Convert functionality does not support conversion of a Restricted Applications list from SELECTserver into this list in the Subscription Entitlement Service.  That must be done manually.

     To convert allowed group level Exceptions to Allowed Applications in a certain Entitlement group:

    1. Login to https://subscriptionservices.bentley.com/ with a user that has Account Admin or Co-Administrator role
    2. Navigate to Entitlement/License Management (https://connect-entitlementmanagement.bentley.com/#!/Account/SubscriptionInformation) from Enterprise portal Entitlement/License Management tile or left navigation menu
    3. In left navigation menu under Users and Groups icon select Allowed Access Group https://connect-entitlementmanagement.bentley.com/entitlement/groups
    4. Select the group that you want to convert
    5. Click on a convert button

     

    1. A dialog opens and shows all group level exceptions that were created for this Entitlement Group. You can select to Convert Allowed This converts the group to Allowed Access group. All access blocking exceptions are deleted.

    You can delete all previously set exceptions. This will enable entitlement group’s users access to ALL applications until an application is added to Allowed Applications list.

    What happens if a user is in multiple Entitlement groups?

    The same user can belong to several entitlement groups (all belonging to the same Entitlement Country). In such cases, the list of entitlements that the user is allowed to access is defined by all the groups together. In other words, applications that are available to at least one group will be available to the user.

    Example: a user belongs to two groups A and B. MicroStation is in the Allowed Applications list in group A but not in group B. The user can use MicroStation.

    Other Language Sources

    Deutsch

    • managing access
    • Entitlement Groups
    • Share
    • History
    • More
    • Cancel
    • DanielB Created by Bentley Colleague DanielB
    • When: Fri, Jan 8 2021 8:58 AM
    • N.K Last revision by Bentley Colleague N.K
    • When: Thu, Jun 9 2022 9:57 AM
    • Revisions: 19
    • Comments: 0
    Recommended
    Related
    Communities
    • Home
    • Getting Started
    • Community Central
    • Products
    • Support
    • Secure File Upload
    • Feedback
    Support and Services
    • Home
    • Product Support
    • Downloads
    • Subscription Services Portal
    Training and Learning
    • Home
    • About Bentley Institute
    • My Learning History
    • Reference Books
    Social Media
    •    LinkedIn
    •    Facebook
    •    Twitter
    •    YouTube
    •    RSS Feed
    •    Email

    © 2023 Bentley Systems, Incorporated  |  Contact Us  |  Privacy |  Terms of Use  |  Cookies