Roles
Access management is based on a concept for assigning corresponding roles to users, groups and modules.
Application roles
A module provides an application role. The module predefines the permissions. Administrators can use application roles to control access to a module. Application roles are write-protected for users.
Application roles can be assigned to users, groups, modules and contracts.
|
If no application role has been assigned to the user for a corresponding module, the menu does not appear in the Nexeed Industrial Application System. |
Organization roles
An organization role can be defined, created, managed and changed by a user.
Organization roles can be assigned to users, groups and modules.
|
Organization roles cannot be assigned to a contract. |
Role Overview
The role overview displays the name and description of all roles. New roles can be created and roles that are no longer required can be deleted.
After you select a role, the role data appears in the detailed view on the right. In this view, you can update role data and add or remove users to or from a role.
Detailed view
| Icon/element | Description |
|---|---|
Details |
Displays role details |
Assigned users |
Displays users that are assigned to a role |
Authorizations |
Displays the role permissions and permission filters by static and dynamic resources. |
View permissions
Prerequisite
Access Manager role
Procedure
-
Call up the Access management > Roles menu.
-
In the Domain drop-down list, select one or more modules.
Or:
Enter the required role designation in the Search text field.
-
Select the required role from the overview.
In the detailed view on the right, the role data is displayed in the Permissions tab.
Adding a Role
|
Organization roles are roles added by a user. |
Prerequisite
Access Manager role
Procedure
-
Call up the Access management > Roles menu.
-
Click
.The Add role dialog window will open with the Details step.
-
Complete the Name and Description fields in the Details step.
-
Click Next.
The Permissions step appears.
-
To limit the number of roles displayed, implement the following settings:
In the Modules drop-down list, select the module in which the required role is located.
Or:
Enter the required role designation in the Search text field.
Or:
Use the Resources drop-down list to filter by resource type.
-
To assign the required permissions to the selected roles, click the corresponding icon:
-
Create objects
-
Read objects
-
Edit objects
-
Delete objects
-
Execute objects
Selected permissions are displayed in white on a blue background.
-
-
To revoke permissions, click the required permission again.
Deselected permissions are displayed in blue on a white background.
-
To assign or withdraw all permissions, click
.Permissions that cannot be assigned, for example, due to a lack of permission from the current user, appear in gray and cannot be selected.
-
Click Next.
The Summary step will open.
-
To edit details, click on Back or on the required step.
-
To save the details, click Save in the Summary step.
The role is created and is displayed in the overview.
-
To change a role’s data, continue with Updating a Role.
-
To assign a user to a role, continue with Assigning a User to a Role.
Updating a Role
Only organization roles can be updated.
Prerequisite
Access Manager role
Procedure
-
Call up the Access management > Roles menu.
-
To limit the number of roles, implement the following settings:
Set the Organization filter in the Domain drop-down list.
Or:
Enter the required role designation in the Search text field.
-
Select the required role from the overview.
In the detailed view on the right, the role data is displayed in the Details tab.
-
To change the role permissions, click
.If the edit icon is not displayed, this role is not an organization role and cannot be edited.
The Edit role dialog window appears.
-
Update the permissions.
-
Click Next.
The Summary step will open.
-
Check all the information and adjust if necessary.
-
Apply changes with Save.
The role data is updated and will be displayed in the overview.
Assigning a User to a Role
Prerequisite
Access Manager role
Procedure
-
Call up the Access management > Roles menu.
-
To limit the number of roles, implement the following settings:
In the Domain drop-down list, select the module in which the required role is located.
Or:
Enter the required role designation in the Search text field.
-
Select the required role from the overview.
In the detailed view on the right, the role data is displayed in the Details tab.
-
In the detailed view, go to the Assigned users tab.
When a user name is clicked, the Nexeed Industrial Application System changes to the Access Management > Users menu.
User names preceded by service-account- and followed by an alphanumeric code (example: service-account-w68ysarkiyx171246mrtaocj) identify modules. The alphanumeric code corresponds to the client ID of the module.
-
Click
.The Select user dialog window will appear.
-
Select the required users.
-
Click Assign.
The selected users are assigned to the role and are displayed in the detailed view in the Assigned users tab.
-
To remove a user from a role, continue with Unassigning a User from a Role.
Unassigning a User from a Role
Prerequisite
Access Manager role
Procedure
-
Call up the Access management > Roles menu.
-
To limit the number of roles, implement the following settings:
In the Domain drop-down list, select the module in which the required role is located.
Or:
Enter the required role designation in the Search text field.
-
Select the required role from the overview.
In the detailed view on the right, the role data is displayed in the Details tab.
-
In the detailed view, call up the Assigned users tab.
When a user name is clicked, the Nexeed Industrial Application System changes to the Access Management > Users menu.
-
Click
next to the user you want to delete.
The user is unassigned from the role and is no longer displayed in the Assigned users tab.