Nexeed Learning Portal

preview 4.10.0

How to Configure Organization Roles

This page explains how to manually configure organization roles related to dynamic resources in MACMA (Multitenant Access Control Management Application). Only after assigning users the proper roles can they see rules from accessible facilities.

Prerequisites

  • Access to MACMA (Multitenant Access Control Management Application)

  • Administrative privileges to create and manage roles

  • Understanding of facility hierarchy (Area, Line, Station levels)

Procedure

Step 1: Create a New Role

  1. Navigate to MACMA: Access Management → Roles

  2. Click on the Add Role button

  3. Enter a descriptive role name, ideally including:

    • The facility name

    • Role type keywords ("Admin" or "User")

Step 2: Filter Resources by Application

  1. In the role creation dialog, filter the resources by selecting Nexeed Condition Monitoring as the application:

MACMA Role Creation Interface

Step 3: Understanding Resource Registration

For each facility of facility type "Area", resources are registered automatically by the Condition Monitoring application in MACMA.

Step 4: Configure Administrator Role

If you want to define an Administrator Role for a facility:

  1. Ensure all privileges are selected for the resource:

    • read

    • add

    • modify

    • delete

MACMA Admin Role Permissions

Step 5: Configure User Role

If you want to define a User Role with read-only access to basic Condition Monitoring functionality for a facility:

  1. Select only the read privilege for the resource

MACMA User Role Permissions

Step 6: Configure Super-Administrator Role

If you want to define a Super-Administrator Role with access to devices from all facilities:

  1. Select privileges read, add, modify, delete for all available resources

MACMA Super Admin Role Configuration

Step 7: Assign Roles to Users

After roles are created, assign them to users using the standard MACMA user assignment process.

Important Considerations

Privilege Dependencies

  • Having the add privilege does not automatically include the read privilege

  • Each privilege must be explicitly assigned

Inheritance Limitations

  • By default, privileges are defined at the IAS Area level

  • Permissions granted at a higher level automatically apply to all lower levels

  • It is possible to define another root level; please contact support for assistance
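
The privilege and inheritance rules above can be checked against a planned role design before it is entered in MACMA. The following sketch is an added example, not MACMA code or a MACMA API: the role names, facility names and data layout are constructed for illustration. It models explicit privileges with downward inheritance and flags roles that deserve a review.

```python
# Hypothetical model for illustration; not MACMA's implementation or API.
ALL = {"read", "add", "modify", "delete"}
AREAS = {"Area-A", "Area-B"}  # constructed Area-level resources

# Constructed facility hierarchy below the Area level: child -> parent.
PARENT = {"Line-1": "Area-A", "Station-1": "Line-1", "Line-9": "Area-B"}

# Constructed role definitions: role -> {Area resource: privileges}.
ROLES = {
    "Area-A Admin": {"Area-A": set(ALL)},
    "Area-A User": {"Area-A": {"read"}},
    "Area-B Editor": {"Area-B": {"add", "modify"}},  # read not assigned
    "Plant Super-Admin": {area: set(ALL) for area in AREAS},
}


def levels_up(facility):
    """Return the facility followed by every level above it."""
    chain = []
    while facility is not None:
        chain.append(facility)
        facility = PARENT.get(facility)
    return chain


def is_allowed(role, privilege, facility):
    """True if the privilege is explicitly granted on the facility or on a
    higher level. No privilege implies another (add does not give read)."""
    grants = ROLES.get(role, {})
    return any(privilege in grants.get(lvl, set()) for lvl in levels_up(facility))


def audit(roles):
    """Flag roles for review: write privileges without read, and roles
    holding every privilege on every Area (super-administrator breadth)."""
    findings = []
    for role, grants in roles.items():
        for resource, privs in sorted(grants.items()):
            if privs & (ALL - {"read"}) and "read" not in privs:
                findings.append(("write-without-read", role, resource))
        if all(grants.get(area) == ALL for area in AREAS):
            findings.append(("full-access-all-areas", role, "*"))
    return findings


if __name__ == "__main__":
    for finding in audit(ROLES):
        print(finding)
```
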

Access Control Updates

Users will only get access after updated information is fetched by the Condition Monitoring application from MACMA:

  • Access Control List information is fetched from MACMA every 3 minutes

  • Organization role information is cached for 2-3 minutes

  • Allow up to 5 minutes for role changes to take effect

© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved
