Talk:Functional Document
Add topic1. Introduction[edit | edit source]
This document represents the functionality of the software product ‘DIPS EVO’.
DIPS evo is a self-service system for employees at MBVD (Mercedes Benz Vertrieb Deutschland) for structured organization of access rights to folder structures.
Add image
2. Project Overview[edit | edit source]
The DIPS Evo (Digital Provisioning Information System) functional document is a complete guide that provides an in-depth understanding of DIPS software.
The document explains how DIPS users can find out what they are entitled to, and who are entitled to directories online via this software. Also, the document explains how a user with the data owner role can query the currently authorized users online at any time via this software.
This software provides a user-friendly interface and a seamless experience, enabling the sales team to efficiently manage folders and access information with ease.
3. DIPS Overview[edit | edit source]
3.1 Types of User Roles[edit | edit source]
Below are the different roles that can be assigned to a DIPS user.
- TSO
- DIPS Contact Person
- Data Owner
3.2 Lifecycle of Directories[edit | edit source]
The basic idea of DIPS is to manage all operations on directories and their permissions via a self-service portal that requires manual steps only from those ordering actions and, if necessary, approvers. All technical steps to carry out operations in the file system, Active Directory or other systems are carried out automatically and are therefore highly quality assured and reliable. DIPS provides you with information about the status of order processing at any time.
- Create a new directory: When ordering, the necessary information about data ownership, authorizations, retention periods, and archiving is provided so that the automatic creation can take place. You will then see the new directory as a completed order in DIPS and as a directory in the desired location in Windows Explorer
- Granting permissions: a previously unauthorized person can request permission to read or write directories. Alternatively, a data owner can proactively set up permissions for others. Only read permission can be granted for directories that contain other DIPS-managed directories. Write permissions are only granted to directories at the lowest level managed by DIPS. These inherit their permissions to their content. Your substructure and files are managed by those authorized to write them themselves via Windows Explorer.
- Changing directory properties and transferring ownership of the directory: these processes allow changing the characteristics specified when creating a new directory or passing on data ownership. An important basic principle in DIPS is that there can be no orphan data areas. Each directory has a primary data owner.
- Create subdirectories: the structure can be expanded by ordering subdirectories. Each subdirectory, which is also managed by DIPS, can receive its own permissions or simply adopt the permissions of a parent directory. Below the directory levels managed by DIPS, those authorized to write can create their own structures quickly and easily using Windows Explorer, as usual.
- Delete directory: if a directory is no longer needed, data owners can of course delete it again. It will be removed from the file system. Directories that are automatically archived can only be deleted when there are no more files in the associated archive.
3.3 Directory types[edit | edit source]
DIPS differentiates between “navigation directories” and “data directories”:
A navigation directory does not contain any files itself, only other subdirectories. Only read permission can be assigned here, which allows this directory to be opened to see the next level. The maintenance of authorizations and subdirectories is carried out exclusively via DIPS.
A data directory contains files and possibly normal subdirectories that can be created, edited and deleted by users using Windows Explorer without DIPS. Users can be given read or write permission. Authorizations are maintained exclusively via DIPS. The same access rights and retention periods apply to all files and subdirectories contained therein as to the parent data directory. Below DIPS data directories, there are only normal directories.
Navigation directories can be defined at level 1 or level 2; data directories at level 2 or level 3. Level 3 directories are always data directories. Optionally, a level 2 directory can also be defined as a data directory. The directory depth managed by DIPS then ends there; below there are only normal directories.
Normal directories do not carry their own permissions. They can only be below DIPS data directories. They are created, renamed, or deleted using the normal means of Windows Explorer.
3.4 Online Help[edit | edit source]
DIPS offers you online help. On each order form you can use the “?” symbol at the top right of the form to call up the exact description of the current order form in a context-sensitive manner:
Add Image
3.5 Select IT service to order [edit | edit source]
A DIPS user can select anyone in the service category to see a list of the IT services that can be ordered using this software -
- Tasks for all MBVD people
- Tasks for data owners
- Tasks for DIPS contact persons
Add image
3.6 View your order history[edit | edit source]
You can click on the “My Action History” link in the left navigation area.
Add image
Here you can access your order history via the link “Overview of the orders you have placed”. Here you can view your completed and ongoing orders.
If the order is still in progress, the status “In Progress” is displayed. Completed orders are marked with the status “Completed”, then the IT service is fully set up. If an order is not approved, the status “Rejected or Canceled” appears.
Add image
By clicking on the (i) symbol in the information column of the respective order, you open a window with detailed information about your order and the status.
Add image
You can see the status in the “History” tab.
Add image
If orders are still in progress, you can see in the “Next decisions” tab who has currently been asked to approve your order.
Add image
Close the info window by clicking on the “Close” button.
3.7 Email notifications[edit | edit source]
DIPS sends individual emails in the following cases:
If approval is required, an email will be sent to all approvers of an order notifying them.
After an order has been completed, an email is sent to the recipient and the customer informing them whether the order was successful or rejected.
4. Tasks for All MBVD People[edit | edit source]
4.1 Apply for Authorizations[edit | edit source]
Here you can request access rights to one or more directories for yourself or a person for whom you are a representative.
Add image
Recipient: Here you can select the person to be authorized. The field is pre-filled with the currently logged user. You can select another person from the district for which you are registered as a representative.
Reason: Please provide a (short) reason. This is used for documentation in DIPS and is also displayed to users who receive a request to approve the application.
Directory: Here you select the directories for which the recipient should receive permission. The selection is made by first clicking on the (+) symbol in front of “Project directories” or “Group directories” and then opening the directory tree of the desired root directory using the (+) symbols.
You will see the rights set up by placing a checkmark in the appropriate place. An empty checkbox is displayed wherever rights can be requested. Tick the empty checkbox to specify the desired permissions (“Read” column for read permission, “Change” column for change permission, also known as “write permission”).
Add image
Click “OK” to confirm the order and it will be placed in your shopping cart. If you have selected multiple directories, multiple orders will be created accordingly.
Add image
You can send the order(s) now or create more requests for additional IT services and add them to your shopping cart. Once you have created all the orders, place the actual order using the “Check and submit shopping cart” button. The order will be placed after you have confirmed the further request with “Yes”.
Add image
You will then receive confirmation on the screen.
Add image
If you would like to view the status of your order, you can do this at any time via the “order history”.
4.2 Revoke/Give Up Permissions[edit | edit source]
With Revoke/Give Up Permissions you can
- remove your own permissions,
- Revoke rights from people for whom you are a representative or
- Revoke rights to directories where you are the data owner.
As a data owner, you can access the latter more easily via the “Maintain permissions” service in your personal data owner tasks area.
Add image
Directory: here you select the directory for which permission should be revoked. You can request authorization revocation for yourself, people for whom you are a representative or for directories for which you are the data owner.
Reason: Please enter a reason here why an authorization should be given up or withdrawn.
Select at least one permission to delete: A list of existing permissions is displayed, each permission (Read, Modify) and details about the user. Here you select at least one which should be withdrawn or given up. (Note: The data owner's permission cannot be revoked.)
With “OK” you place the order in the shopping cart.
Add image
With “Check shopping cart and submit” the order “Revoke/abandon authorizations” is sent (after further confirmation).
4.3 Edit Deputy[edit | edit source]
Define and remove your DIPS deputies here. Deputies can submit and approve applications in DIPS on your behalf.
In the form, you might see a list of deputies already defined.
Add image
Recipient: Here you select who you want to edit the representatives for. If you are a representative for someone else, you can also edit their representative. To do this, select the person for whom you want to edit the deputy in the Recipient field. The list of already defined representatives is displayed at the bottom of the form and changes depending on which recipient you have selected here in the “Recipient” field. The field is pre-filled with yourself. Click on “Change” to change the recipient.
In the list for selecting the recipient, you and all the people for whom you are a representative are displayed.
Add image
To select, click on the name of the person whose representative you want to check or change in the list shown above. The selection window is then closed; the selection is accepted as “recipient”, and the representatives for the selected person are displayed in the list.
Add image
To make changes to your deputies, proceed as follows:
Reason: For documentation purposes, enter a reason why you want to change the list of substitutes.
To change your deputies, you can use the “Add Deputies” and “Remove Deputies” functions, which are described below.
4.4 Define Additional Deputy[edit | edit source]
Select: To define an additional deputy, click “Select” behind the “Add deputy” text. The sub dialog for selecting a new deputy opens. In the list, you can use the Search field to narrow the list. Click on the person's name to select a new deputy (the window will close automatically).
Add image
The deputy to be redefined now appears in the list with a leading green (+) sign.
Add image
Send your order now using the “OK” button. Note: Don't forget this step because your change of deputies has not yet been completed.
Your newly added deputy will then end up in your shopping cart as an order. You can also make further changes to your deputies before submitting. For example, you can add additional substitutes or mark existing ones for deletion before submitting the order.
4.5 Remove Existing Deputy[edit | edit source]
“Delete” checkboxes in each line: To remove a substitute that has already been defined, click the checkbox in the corresponding line and submit the form with the “OK” button. Note: You can also mark multiple delegates for removal at the same time.
Add image
Just send the changes with the “OK” button. Your changes to the substitutes will then end up in your shopping cart as individual orders.
Add image
With “Check shopping cart and send” the order “Process processing” is sent (after further confirmation).
4.6 Report - Overview of My DIPS Authorizations[edit | edit source]
Here you can generate a report that shows you all the permissions that are defined for you or a person you represent in DIPS and implemented on the file system.
First, the input form “Overview of my DIPS authorizations” appears.
Add image
In the “Authorized person” field, select who you would like the authorizations to be displayed for. The field is pre-filled with you as a logged in user. You can use the “Change” link to select another person for whom you are defined as a representative in DIPS.
Add image
You select a person by clicking on their name. The selection window then closes automatically, and the person is adopted.
To create the report, click on “Online anzeigen”.
The requested report will then be generated and displayed in a separate window.
Add image
The report contains brief information about the selected user in the header and below it a list of all their permissions. The list is sorted alphabetically by directory name.
Note: The Write permission implicitly includes the Read permission.
4.7 Report - Overview of Deputy/Deputies[edit | edit source]
Add images.
5. Tasks for Data Owners[edit | edit source]
5.1 Create a New Directory[edit | edit source]
Here you can create a new directory.
Add image
The following fields must be filled out:
New Owner: Select who will be the data owner of the new directory. By default, it is you. You can select someone else if you are their representative. Then it becomes the data owner of the new directory to be created. To do this, click on “Change”. A new window will then open in which you can select the new owner (also known as “recipient”). To select, click on the person's name here. You can search and scroll in the window to make it easier to find the person you are looking for. If you cannot find the person you are looking for, you may not be authorized to place orders for that person in DIPS. In this case, contact this person to define you as a representative in DIPS.
Add image
Parent directory: You must select a 1st or 2nd level directory in which the new directory is to be created, the so-called parent directory.
You can also specify the root directory as the parent directory if you want to request a 1st level directory. However, for a level 1 directory, you cannot specify any directory name but rather choose one of the standard names from a selection list.
Click a (+) symbol to expand a directory subtree.
Select the desired parent directory by clicking on the name.
Add image
After the parent directory has been selected, this is entered into the “Create new directory” form. Now add the name of the desired new directory to the appropriate fields.
Add image
If you have selected level 1 as the parent directory, you can enter level 2 and level 3, level 2 will then be created automatically.
4-eye approval: Choose which status the directory should receive. For “Normal” the approval of the data owner of the parent directory is sufficient; in other cases, a second approval from a corresponding representative is required (four-eye principle: works council, management or human resources). The field is also referred to as “special status” in some views. Note: Please be sure to consult your DIPS contact person before selecting an option other than “Normal”.
Retention Period: Select the retention period for the directory. The information is relevant for retention policy. The default is 6 years. Note: If a longer retention period already been defined for the parent directory, you can no longer select a lower value here.
DIPS directory type: DIPS distinguishes between “navigation directories” and “data directories”:
- A navigation directory does not contain any files itself, only other subdirectories. Only read permission can be assigned here, which allows this directory to be opened to see the next level. The maintenance of authorizations and subdirectories is carried out exclusively via DIPS.
- A data directory contains files and subdirectories that can be created, edited, and deleted by users using Windows Explorer without DIPS. Users can be given read or write permission. The same access rights and retention periods apply to all files and subdirectories contained therein as to the requested data directory.
Select the DIPS directory type here. Note: Navigation directories can be defined at level 1 or level 2, level 3 directories are always data directories. Optionally, a directory on level 1 or level 2 can also be defined as a data directory. The directory depth managed by DIPS then ends there.
Accept authorization: If you leave the checkbox active, those authorized to the selected parent directory will also receive the corresponding authorization for the new directory to be created. If you do not want this, deactivate the checkbox. Note: By clicking on the info symbol (i) you can check which permissions would be adopted.
Tip: If you are not sure, it is better to unmark the “Apply permissions” checkbox and then assign the rights in a controlled manner. This way you avoid granting too many permissions to your new directory.
Description: Please provide a brief description of the requested directory. This is used for documentation.
Once all fields have been filled out, you can add your order to your shopping cart by clicking the “OK” button.
If the “Apply permissions” checkbox is clicked, an intermediate page appears showing the permissions to be adopted.
Add image
You then have the option to confirm this (“OK”) or return to the order form (“Cancel”).
Add image
The aim of these user guides is to avoid many authorizations being accidentally applied.
With “OK” you will automatically be added to your shopping cart:
Add image
You can send the order now or order for additional IT services and add them to your shopping cart. Once you have created all the orders, place the actual order using the “Check and submit shopping cart” button. The order will be placed after you have confirmed the further request with “Yes”.
Add image
You will then receive confirmation on the screen.
If you would like to view the status of your order, you can do this at any time via the “order history”.
5.2 Add/Delete Permissions[edit | edit source]
You edit the Add/Delete Permissions order form. You can use this to maintain all authorized persons in a directory in total:
- Add several more authorized persons
- Delete (revoke) permissions
- Convert read to change permission (for data directories)
Add image
After you have selected a directory as usual, you will receive the list of all currently authorized users (if necessary, spread over several screen pages with a scrolling function).
- Add additional authorized persons by selecting additional people via “Add authorized persons >> Select”.
- For each authorized person, select whether you want to assign “None”, “Read” or “Change” (“Change” stands for change authorization, also known as write authorization; can only be selected for data directories).
- To revoke permissions, select “None” for one of the users shown.
- You can use the leading checkboxes to select several authorized persons and assign them the rights specified in the upper selection box in one operation.
- You can use the “All” checkbox to select all authorized persons on the page with one click.
Any changes you have made will be indicated on the form by a writing symbol in front of the name:
Add image
Once you have defined all the changes, enter a reason and send your order with the OK button. Several individual orders will then be created, the progress of which you can follow as usual via the order history.
Note: You can convert a read authorization (selection = “Read” into a write authorization (selection = “Change”). This does not work the other way around. To do this, you must first revoke an existing write authorization (selection = “none”) and submit this order. After The order has been implemented, you can restart and now assign “Read”.
5.3 Overview of Authorized Directories[edit | edit source]
You edit the order form “Overview of those authorized to register”. Use this to create a report on everyone who has access to one or all of your DIPS directories.
Add image
Recipient: Here you select which data owner the report should be created for. The field is pre-filled with you as the currently logged in user. You can select one of those for whom you are registered as a deputy.
Directory: Here you select which directory the report should be created for. Note: If you leave the default blank, the report will contain all directories of the selected data owner.
If you click the “Online anzeigen” button, the report will be created and displayed directly as a PDF file or offered for download. In this special case, an order via the shopping cart is not intended.
Add image
The report shows all directories of the data owner with some information and in detail who has access to the respective directory. It starts with the root directory and then lists all directories of the selected data owner. The variant restricted to a directory shows the same information, but only for the selected directory.
You can save and print the report using the standard functions of your PDF reader.
Add image
5.4 Change Directory Properties[edit | edit source]
You edit the “Change Directory Property” order form. Allows you to change the special status, retention period, and description of a directory you are responsible for.
Add image
Directory: Here you select the directory whose property you want to change. Only directories are offered for selection in which you are the data owner, or a person you represent is registered as the data owner.
Special status: Here you can change the special status of the selected directory. A special status “works council”, “management” or “human resources” determines a “four-eye approval” for further actions on the affected directory, such as “apply for authorization” and “create a new directory” (below). Note: Please be sure to consult your DIPS contact person before selecting an option other than “Normal”.
Retention period: Here you can change the retention period of the selected directory. Note: If the retention period of an existing directory is to be extended to more than 10 years, a second approval request is made to the overall retention contact person (DIPS role MBVD-IO: Mr. Christian Menzel, ITP/EG) before this is implemented.
Description: A description of the directory can be stored here. This is particularly recommended for abbreviations in directory names.
Reason: Explain why you want to change the special status and/or the retention period and/or the description.
Send your order to the shopping cart with “OK”.
Add image
With “Check and submit shopping cart” the order “Change directory property” is sent (after confirmation).
5.5 Transfer Directory[edit | edit source]
You edit the “Transfer Directory” order form. This is to request a change of data owner for one of your DIPS directories.
Add image
Directory: Select the directory whose data owner you want to change.
New owner: Select the person who should become the new data owner.
Remove old data owner: If you leave the checkbox selected, the read and - if level 3 - write rights of the old data owner will be removed. This is the recommended variant. Otherwise, the directory also receives the newly chosen data owner, but the rights of the old data owner remain.
Reason: Enter a (short) reason for documentation.
With “OK” you place the order in your shopping cart.
Add image
With “Check shopping cart and send” the order “Transfer directory” is sent (after further confirmation).
5.6 Rename/Move Directory[edit | edit source]
You edit the “Rename/Move Directory” order form. Here you can give one of your directories a new name, move it to a different parent directory, or do both in one go.
Add image
Action to perform: Select one of the three options provided:
- Rename
- Move
- Move and Rename
Depending on which option you select, the input form will be adapted so that you can enter the required parameters (see below).
Existing directory: Here you select the directory that you want to rename or move. Only directories are offered for selection in which you are the data owner or a person you represent is registered as the data owner.
Add image
If you selected the “Move” option, you can select a different navigation directory under “New parent directory” under which the previously selected directory will be moved. Note: You can only move a directory at the same level.
Add image
If you select the “Move and rename” option, you will find both input fields: “New parent directory” and “New directory name”.
Add image
Enter a reason and send your order via the shopping cart as usual.
The order will probably take a little longer to complete than other orders. This depends on the amount of data in your directory.
5.7 Delete Directory[edit | edit source]
You are editing the "Delete directory" order form. You can have an existing directory deleted here.
Add image
Directory: Here you select the directory to be deleted. To do this, click on the text “Select”. Then a directory selection window opens. Select by clicking on the relevant directory:
Add image
- Only directories for which you are registered as the data owner or his representative are displayed.
If there are other directories of other data owners below a directory, you cannot delete the directory. The affected sub-directories must first be deleted in a separate step. If all subdirectories are associated with the same data owner, you can request deletion of the entire subtree at once.
Add image
Enter a (short) reason why the directory and all files and subdirectories it contains should be deleted.
Confirm with “OK” and the order will be placed in your shopping cart.
Add image
With “Check shopping cart and submit” the “Delete directory” order is sent (after confirmation).
6. Tasks for DIPS Contact Person[edit | edit source]
If you are assigned to the “DIPS Contact” role in DIPS, you will find a category of IT services “DIPS Contact Tasks”:
Add image
Additional functions and reports are available there, which are described in the following chapters.
6.1 Report - Overview of subdirectories and owners[edit | edit source]
Select a directory in the order form. The report then shows this directory and all subdirectories of it, regardless of who owns the data:
Add image
You have two options to receive the report, by email or directly online.
If you select “View online,” a new window will open with a preview of the report. Select the format you want to download here, we recommend “Acrobat PDF File”:
Add image
The report lists all subdirectories of the selected directory, each with information about the special status, retention period, and data owner.
6.2 Report - Overview of all authorized directory users[edit | edit source]
In the order form, select the parent directory
Add image
The report includes the selected directory and all subdirectories of it. Because this report is relatively extensive and therefore takes a little longer to generate, you only have the option of having the report sent to you as a PDF by email. Your email address defined in Who's Who will be used.
Add image
Add image
The report is structured in the same way as the well-known “Overview of Directory Authorizations” report. Only it is not limited to one data owner, but shows all directories below the selected directory, regardless of who is the data owner. Here is an example from the test system:
Add image
6.3 Remove employees as DIPS participants[edit | edit source]
You can use the “Let employees leave” function to deactivate an employee in DIPS. In the “Let employees leave” input form, you first select the person or account to be deactivated and provide a reason.
Add image
Then place the order in your shopping cart as usual using the OK button and send the order from there as usual.
The following actions are triggered in detail:
The person will have all permissions defined via DIPS revoked. Affected data owners will be informed by email.
If the person is the data owner of a group directory, the directory is transferred to the data owner of the parent directory. The new data owner will be informed of this via email.
If the person is defined as the data owner of a project directory or confidential directory, the directory is transferred to the head of the organizational unit. The new data owner and the DIPS contact persons will be informed by email.
If the person is registered as a representative of another person, the representation will be terminated. The people represented will be informed by E-Mail.
If the person has been assigned certain roles in DIPS, these role assignments will be removed. The DIPS contact persons will be informed about this by email.
Note: The identical functionality is triggered automatically when a person leaves and DIPS receives this information via the daily, automatic comparison with the Active Directory. Normally the function does not have to be carried out manually.
6.4 Make an account available[edit | edit source]
All MBVD employees are already actively registered in DIPS. These are assigned to the higher-level organizational unit (OU) = E080 in the Active Directory. It is also possible to make people from other organizational units, e.g. Head Office (OU) = ESTR available in DIPS, so that they can also log in to DIPS and be given rights.
The “Make account available in DIPS” function is used for this purpose. You edit the corresponding form.
Add image
Here you use “Select” and select the person who should be activated in DIPS. Limit the list of results using the “Search” field. The selection is made by clicking on the name.
Add image
Enter a reason and submit your order.
Add image
6.5 Create or delete delegated persons for an area[edit | edit source]
Background information: The group drives managed by DIPS are individual “shares”. There is a “share” or drive for each organizational unit, e.g. “Württemberg”, “Nord”, “Bavaria”, etc. In order for an employee to be granted rights to a share, he or she must be “seconded” to the share. A so-called “home share” is defined for each employee based on their membership of a specific work code (WKZ). He is automatically “seconded” there. In addition, it is possible to “assign” users to any other shares so that they can also be granted rights there. Typical examples are employees from the MBVD headquarters who also need access to shares in retail.
Using the “Create or delete delegations of MBVD people for an area” function, DIPS contacts can check who is delegated to your share and assign additional people there or remove those who have already been delegated.
Ordering process: You edit the form “Create or delete delegations of MBVD people for an area”:
Add image
Organizational unit: Here you first select for which organizational unit, i.e. for which share, you would like to view the delegations and adjust them if necessary. When you click on “Select” you will receive a list of all shares for which you are registered as a DIPS contact:
Add image
By clicking on the name, you select the desired share and DIPS creates a view of all existing delegations in the selected share:
Add delegation: to delegate a new person, click “Select” in the table header:
Add image
You can now select the person you would like to delegate to the selection window. All people available in DIPS are offered for selection*). Use the search field to find the person:
Add image
Tip: If you cannot find the person you are looking for, try to see if they need to be made available for DIPS first.
You select the person by clicking on the name. You can repeat the process and assign several people in one operation. The people to be reassigned are identified by a green (+) symbol in the form.
Add image
Enter another reason. Then you can send the orders.
Delete delegation: To remove a delegation, simply mark the leading checkbox in the corresponding line.
When you submit the form, individual orders will be placed in your shopping cart for each new and removed delegation. You send these from the shopping cart as usual.
6.6 Member maintenance DIPS-AP[edit | edit source]
With a "DIPS-AP member maintenance" request, a user can add or remove users from the list of DIPS contact persons. In addition, a user with the maintenance role can add new members to the "DIPS member maintenance" role and remove existing members.
Add image
First, the user can select the department for which he is authorized.
Add image
Once the department, request type and options such as "List" and "Maintenance role" have been selected, the system displays the existing DIPS contacts in a table. If the user is authorized, they can remove existing contacts or add new ones using the "Add" option.
Add image
Finally, place the order in your shopping cart as usual by clicking the OK button and send the order from there.