Roles

The Tenant Administrator defines the roles as per the organizational requirements (e.g. service role). A role regulates access to plant applications.

A sample role matrix is available in the appendix at "Roles and privileges".

In contrast to global portal roles, roles relating to the plants can be freely edited.

info

The role of "Owner" must be available in this form for system-technical reasons and cannot be changed. The system prevents this from happening.

Make a role for 'TenantUser (<Role>)'

One role can now be defined as the basis for an administrator role: For the 'TenantUser (<Role>)'. The new administrator has automatic access to all tenant plants with the rights of the assigned <Role>.

Background:

As shown in "Relationship between SCOPE security level, roles, and application security levels" and "Roles and privileges", a role is characterized on the one hand by access rights to the system and on the other hand by self-defined portal rights. TenantUser (<Role>) creates an "Administrator" that can execute the selected role on all plants with a "One-click action".

Procedure:

Select the desired (<Role>) "Administration > Roles > [Role] > Area: Basis data > TenantUser role".

info

The role of "Owner" cannot be used as TenantUser for system-technical reasons.

Localize roles

The description of roles can be localized.

  1. You are a Tenant Administrator and you want to localize the description of roles for a tenant area.
  1. Go to "Administration > Roles".
  2. Select a role.
  3. Click the button.
  4. The localization dialog opens.
  6. Enter the localized description of the role in the corresponding language line.
  7. Click "Save".
  1. In the tenant area in question, a localized tooltip is displayed by moving the cursor over the role in the corresponding language and for all users at all locations for the role.

Delete roles.

Roles can be deleted.

  1. You are a Tenant Administrator and you want to delete a role.
  1. Go to "Administration > Roles".
  2. Select a role.
  3. Click "Delete".
  5. The delete dialog box opens.
  6. Write the name of the role for deletion in the entry field and confirm the delete.
  1. The role is deleted.
info

The name of the role for deletion must be entered in the entry field exactly the same to prevent unintentional deletions. The deletion cannot otherwise be completed.

CAUTION

caution

One deleted, a role cannot be retrieved.

A deleted role is permanent. User assigned this role loose the associated access rights to the plant. The right cannot be restored.

As a consequence, only delete roles that you are sure are no longer needed.

'For roles with limited plant rights: Additional right to select application sets by name and version number'

A Tenant-Administrator can assign a user with limited rights, the additional right to assign application sets to plants. The additional right grants a user role access to selected application sets and application set versions. This user role can assign a specific application set to a plant.

  1. The own role is 'tenant-administrator' in the Main-Tenant.
  1. Go to "Administration > Roles".
  2. Select the role for the advanced rights.
  3. In the "Privileges” menu, select the right 'Plant / Application set.
  4. Click 'Save'.
  2. In menu "Administration > Plants > 'Own plant' > Basic settings", select drop-down menu "Applications set" and "Variants" and assign available values to the plant.

In the Sub-Tenant for a plant, an inherited Main-Tenant application set and a user local to the Sub-Tenant is assigned a different plant role

info

The following workflow is only required if an application set from the Main-Tenant and a user role of the Sub-Tenant is used in the Sub-Tenant. Skip the following workflow if the inherited Main-Tenant user role if used.

NOTICE

notice

Failure to comply with inheritance rules means the following features are displayed in the plant of the user in the Sub-Tenant:

● Data points.

● Dashboards.

● Web graphics.

● Application set plant files

 

Application sets in the Sub-Tenant normally inherit the same user role as the Main-Tenant. A different user role can, however, be inherited within the Sub-Tenant, for example, to grant advanced or limited rights to the application set. Perform the following steps:

  1. Climatix IC is opened in the Sub-Tenant.
  1. Go to "Administration > Roles > 'Owner' > Basic data".
  2. The 'Main-Tenant user role' opens.
    Note: The 'Main-Tenant user role' is only in the Sub-Tenants.
    • Select the user role inherited from the Main-Tenant.
  4. Click 'Save'.
  5. The user role of the application set in the Main-Tenant is confirmed.
  6. Go to "Administration > Roles > 'Desired role' > Basic data".
  7. The 'Main-Tenant user role' opens.
    • Select the user role that differs from the Main-Tenant.
  9. Click 'Save'.
  10. The application set user role is changed.
  1. The application set in the Sub-Tenant is a different user role in the Main-Tenant.
  2. The rights to the newly assigned user role in the Sub-Tenant is defined in the 'Privileges'.

The user can also be modified in the API.