Access control roles and resources
Below are the definitions of expected roles and resources that are auto-created in MACMA after deployment of Rework Control via Helm installation.
Resources
| ID | Type | Description | Available Privileges |
|---|---|---|---|
BCI Operation |
|||
health |
urn:com:bosch:bci:operation |
Access for health endpoints. |
Execute |
API Entities |
|||
documents |
urn:com:bosch:bci:rework:entity:documents |
Documents (e.g. disclosure documents). |
Read |
blocks |
urn:com:bosch:bci:rework:entity:blocks |
Blocks. |
Read, Add, Modify |
comments |
urn:com:bosch:bci:rework:entity:comments |
Comments on process and type numbers. |
Read, Add |
config-files |
urn:com:bosch:bci:rework:entity:config-files |
Configuration files. |
Read, Add, Modify |
cost-centers |
urn:com:bosch:bci:rework:entity:cost-centers |
ERP cost centers. |
Read |
ddl-telegram-variables |
urn:com:bosch:bci:rework:entity:ddl-telegram-variables |
Variables used in DDL Telegram templates. |
Read |
errors |
urn:com:bosch:bci:rework:entity:errors |
Error codes and bits. |
Read |
line-controllers |
urn:com:bosch:bci:rework:entity:line-controllers |
Line controllers from Line Control module. |
Read |
parts |
urn:com:bosch:bci:rework:entity:parts |
Parts and part groups. |
Read, Add, Delete |
part-trace |
urn:com:bosch:bci:rework:entity:part-trace |
Part trace data. |
Read, Add |
part-state-mappings |
urn:com:bosch:bci:rework:entity:part-state-mappings |
Part state mappings definition. |
Read |
processes |
urn:com:bosch:bci:rework:entity:processes |
Processes. |
Read |
routelists |
urn:com:bosch:bci:rework:entity:routelists |
Route lists for parts. |
Read |
scrap-reasons |
urn:com:bosch:bci:rework:entity:scrap-reasons |
ERP scrap reasons. |
Read |
server-features |
urn:com:bosch:bci:rework:entity:server-features |
Server features. |
Read |
setup-variables |
urn:com:bosch:bci:rework:entity:setup-variables |
Part type setup variables. |
Read |
workflows |
urn:com:bosch:bci:rework:entity:workflows |
Rework workflows. |
Read |
part-quality |
urn:com:bosch:bci:rework:entity:part-quality |
Checking part quality. |
Read |
API Operations |
|||
move-part-from-stock |
urn:com:bosch:bci:rework:operation:move-part-from-stock |
Moving part from stock. |
Execute |
move-part-from-supermarket |
urn:com:bosch:bci:rework:operation:move-part-from-supermarket |
Moving part from supermarket. |
Execute |
move-part-to-stock |
urn:com:bosch:bci:rework:operation:move-part-to-stock |
Moving part to stock. |
Execute |
move-part-to-supermarket |
urn:com:bosch:bci:rework:operation:move-part-to-supermarket |
Moving part to supermarket. |
Execute |
rename-part-identifier |
urn:com:bosch:bci:rework:operation:rename-part-identifier |
Renaming part identifier. |
Execute |
replace-part-routelist |
urn:com:bosch:bci:rework:operation:replace-part-routelist |
Replacing routelist for parts. |
Execute |
reset-timers |
urn:com:bosch:bci:rework:operation:reset-timers |
Resetting timers. |
Execute |
run-orch-workflows |
urn:com:bosch:bci:rework:operation:run-orch-workflows |
Running Orchestration workflows. |
Execute |
send-ddl-telegram |
urn:com:bosch:bci:rework:operation:send-ddl-telegram |
Sending DirectDataLink telegrams. |
Execute |
set-part-additional-data |
urn:com:bosch:bci:rework:operation:set-part-additional-data |
Setting part additional data. |
Execute |
update-part-station |
urn:com:bosch:bci:rework:operation:update-part-station |
Updating station for a part. |
Execute |
update-counters |
urn:com:bosch:bci:rework:operation:update-counters |
Updating counter value for a part. |
Execute |
update-part-header-vars |
urn:com:bosch:bci:rework:operation:update-part-header-vars |
Updating values for part header variables. |
Execute |
User Interface |
|||
read-part-user-interface |
urn:com:bosch:bci:rework:ui:read-part |
UI for viewing part details. |
Read |
read-comments-user-interface |
urn:com:bosch:bci:rework:ui:read-comments |
UI for viewing comments on process and type numbers. |
Read |
add-comments-user-interface |
urn:com:bosch:bci:rework:ui:add-comments |
UI for adding comments on process and type numbers. |
Execute |
create-part-user-interface |
urn:com:bosch:bci:rework:ui:create-part |
UI for creating parts. |
Execute |
update-part-header-vars-user-interface |
urn:com:bosch:bci:rework:ui:update-part-header-vars |
UI for updating values for part header variables. |
Execute |
update-counters-user-interface |
urn:com:bosch:bci:rework:ui:update-counters |
UI for updating counter value for a part. |
Execute |
reset-timers-user-interface |
urn:com:bosch:bci:rework:ui:reset-timers |
UI for resetting timers. |
Execute |
code-part-as-blocked-user-interface |
urn:com:bosch:bci:rework:ui:code-part-as-blocked |
UI for coding a part as blocked. |
Execute |
code-part-as-good-user-interface |
urn:com:bosch:bci:rework:ui:code-part-as-good |
UI for coding a part as good. |
Execute |
code-part-as-scrap-user-interface |
urn:com:bosch:bci:rework:ui:code-part-as-scrap |
UI for coding a part as scrap. |
Execute |
code-part-as-free-coding-user-interface |
urn:com:bosch:bci:rework:ui:code-part-as-free-coding |
UI for coding a part as free-coding. |
Execute |
code-part-as-single-coding-user-interface |
urn:com:bosch:bci:rework:ui:code-part-as-single-coding |
UI for coding a part as single-coding. |
Execute |
code-part-as-printout-user-interface |
urn:com:bosch:bci:rework:ui:code-part-as-printouty |
UI for coding a part as printout. |
Execute |
code-part-as-bad-user-interface |
urn:com:bosch:bci:rework:ui:code-part-as-bad |
UI for coding a part as bad. |
Execute |
code-part-as-send-telegram-user-interface |
urn:com:bosch:bci:rework:ui:code-part-as-send-telegram |
UI for coding a part as send-telegram. |
Execute |
marry-part-user-interface |
urn:com:bosch:bci:rework:ui:marry-part |
UI for 'Marry part' custom action. |
Execute |
separate-part-user-interface |
urn:com:bosch:bci:rework:ui:separate-part |
UI for 'Separate part' custom action. |
Execute |
exchange-components-user-interface |
urn:com:bosch:bci:rework:ui:exchange-components |
UI for 'Exchange components' custom action. |
Execute |
add-tracedata-user-interface |
urn:com:bosch:bci:rework:ui:add-tracedata |
UI for 'Add trace data' custom action. |
Execute |
change-error-code-user-interface |
urn:com:bosch:bci:rework:ui:change-error-code |
UI for 'Change error code' custom action. |
Execute |
create-empty-wpc-user-interface |
urn:com:bosch:bci:rework:ui:create-empty-wpc |
UI for 'Create empty WPC' custom action. |
Execute |
from-welding-user-interface |
urn:com:bosch:bci:rework:ui:from-welding |
UI for 'From welding' custom action. |
Execute |
to-welding-user-interface |
urn:com:bosch:bci:rework:ui:to-welding |
UI for 'To welding' custom action. |
Execute |
change-product-variant-user-interface |
urn:com:bosch:bci:rework:ui:change-product-variant |
UI for 'Change product variant' custom action. |
Execute |
send-ddl-telegram-user-interface |
urn:com:bosch:bci:rework:ui:send-ddl-telegram |
UI for 'Send DDL Telegram' custom action. |
Execute |
config-manager-user-interface |
urn:com:bosch:bci:rework:ui:config-manager |
Configuration manager view in the portal. |
Read |
config-upload-user-interface |
urn:com:bosch:bci:rework:ui:config-upload |
UI for uploading configuration files. |
Execute |
recreate-part-user-interface |
urn:com:bosch:bci:rework:ui:recreate-part |
UI for recreating parts. |
Execute |
part-handling-ack-errors-setting-user-interface |
urn:com:bosch:bci:rework:ui:part-handling-ack-errors-setting |
UI for toggling the setting whether to acknowledge all errors in part handling. |
Modify |
part-handling-actions-scheme-setting-user-interface |
urn:com:bosch:bci:rework:ui:part-handling-actions-scheme-setting |
UI for toggling the setting by which scheme to show actions in part handling. |
Modify |
reworking-process |
urn:com:bosch:bci:rework:ui:reworking-process |
Reworking Process. |
Read |
Rework Control Core |
|||
readdressing |
urn:com:bosch:bci:reworkcore:operation:readdressing |
Readdressing of the parts in other modules and updating the status in rework. |
Modify |
scanner-device |
urn:com:bosch:bci:reworkcore:entity:scannerdevice |
Represents the resource 'scanner device' in the configuration context. |
Modify |
workstation |
urn:com:bosch:bci:reworkcore:entity:workstation |
Represents the resource 'work station' in the configuration context. |
Read |
Roles
The following roles are created by default
-
Rework Admin: is granted all available privileges on all available resources.
-
Rework Readonly: has only read access on all resources that support 'Read' privilege.
Part Reader
| Resource Name | Privileges |
|---|---|
read-part-user-interface |
read |
parts |
read |
part-trace |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
documents |
read |
Part Creator
| Resource Name | Privileges |
|---|---|
create-part-user-interface |
execute |
parts |
read, add |
routelists |
read |
processes |
read |
workflows |
read |
read-part-user-interface |
read |
part-trace |
read |
part-state-mappings |
read |
part-quality |
read |
documents |
read |
Part Header Variables Editor
| Resource Name | Privileges |
|---|---|
update-part-header-vars-user-interface |
execute |
update-part-header-vars |
execute |
part-trace |
read, add |
move-part-from-supermarket |
execute |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
documents |
read |
Counter Editor
| Resource Name | Privileges |
|---|---|
update-counters-user-interface |
execute |
update-counters |
execute |
part-trace |
read, add |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
documents |
read |
Timer Editor
| Resource Name | Privileges |
|---|---|
reset-timers-user-interface |
execute |
reset-timers |
execute |
part-trace |
read, add |
move-part-from-supermarket |
execute |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
documents |
read |
Block Part Coder
| Resource Name | Privileges |
|---|---|
code-part-as-blocked-user-interface |
execute |
setup-variables |
read |
config-files |
read |
routelists |
read |
processes |
read |
blocks |
read, modify, add |
update-part-station |
execute |
part-trace |
read, add |
errors |
read |
cost-centers |
read |
scrap-reasons |
read |
move-part-from-supermarket |
execute |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
read-comments-user-interface |
read |
comments |
read |
documents |
read |
Set Good Part Coder
| Resource Name | Privileges |
|---|---|
code-part-as-good-user-interface |
execute |
setup-variables |
read |
config-files |
read |
routelists |
read |
processes |
read |
update-part-station |
execute |
part-trace |
read, add |
errors |
read |
cost-centers |
read |
scrap-reasons |
read |
blocks |
read |
move-part-from-supermarket |
execute |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
read-comments-user-interface |
read |
comments |
read |
documents |
read |
Scrap Part Coder
| Resource Name | Privileges |
|---|---|
code-part-as-scrap-user-interface |
execute |
setup-variables |
read |
config-files |
read |
routelists |
read |
processes |
read |
update-part-station |
execute |
part-trace |
read, add |
errors |
read |
cost-centers |
read |
scrap-reasons |
read |
blocks |
read |
move-part-from-supermarket |
execute |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
read-comments-user-interface |
read |
comments |
read |
documents |
read |
Free Coding Part Coder
| Resource Name | Privileges |
|---|---|
code-part-as-free-coding-user-interface |
execute |
setup-variables |
read |
config-files |
read |
routelists |
read |
processes |
read |
update-part-station |
execute |
part-trace |
read, add |
errors |
read |
cost-centers |
read |
scrap-reasons |
read |
blocks |
read |
move-part-from-supermarket |
execute |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
read-comments-user-interface |
read |
comments |
read |
documents |
read |
Single Coding Part Coder
| Resource Name | Privileges |
|---|---|
code-part-as-single-coding-user-interface |
execute |
setup-variables |
read |
config-files |
read |
routelists |
read |
processes |
read |
update-part-station |
execute |
part-trace |
read, add |
errors |
read |
cost-centers |
read |
scrap-reasons |
read |
blocks |
read |
move-part-from-supermarket |
execute |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
read-comments-user-interface |
read |
comments |
read |
documents |
read |
Printout Part Coder
| Resource Name | Privileges |
|---|---|
code-part-as-printout-user-interface |
execute |
setup-variables |
read |
config-files |
read |
routelists |
read |
processes |
read |
update-part-station |
execute |
part-trace |
read, add |
errors |
read |
cost-centers |
read |
scrap-reasons |
read |
blocks |
read |
move-part-from-supermarket |
execute |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
read-comments-user-interface |
read |
comments |
read |
documents |
read |
Bad Part Part Coder
| Resource Name | Privileges |
|---|---|
code-part-as-bad-user-interface |
execute |
setup-variables |
read |
config-files |
read |
routelists |
read |
processes |
read |
update-part-station |
execute |
part-trace |
read, add |
errors |
read |
cost-centers |
read |
scrap-reasons |
read |
blocks |
read |
move-part-from-supermarket |
execute |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
read-comments-user-interface |
read |
comments |
read |
documents |
read |
Send Telegram Part Coder
| Resource Name | Privileges |
|---|---|
code-part-as-send-telegram-user-interface |
execute |
update-part-station |
execute |
part-trace |
read, add |
errors |
read |
cost-centers |
read |
scrap-reasons |
read |
blocks |
read |
move-part-from-supermarket |
execute |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
ddl-telegram-variables |
read |
send-ddl-telegram |
execute |
server-features |
read |
setup-variables |
read |
routelists |
read |
processes |
read |
config-files |
read |
read-comments-user-interface |
read |
comments |
read |
documents |
read |
Comments Reader
| Resource Name | Privileges |
|---|---|
read-comments-user-interface |
read |
comments |
read |
read-part-user-interface |
read |
parts |
read |
part-trace |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
documents |
read |
Comments Writer
| Resource Name | Privileges |
|---|---|
add-comments-user-interface |
execute |
comments |
read, add |
read-comments-user-interface |
read |
read-part-user-interface |
read |
parts |
read |
part-trace |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
documents |
read |
Marry Parts Executor
| Resource Name | Privileges |
|---|---|
marry-part-user-interface |
execute |
set-part-additional-data |
execute |
rename-part-identifier |
execute |
workflows |
read |
server-features |
read |
read-part-user-interface |
read |
parts |
read, delete |
part-trace |
read |
part-state-mappings |
read |
part-quality |
read |
documents |
read |
Separate Parts Executor
| Resource Name | Privileges |
|---|---|
separate-part-user-interface |
execute |
rename-part-identifier |
execute |
workflows |
read |
server-features |
read |
read-part-user-interface |
read |
parts |
read, add |
part-trace |
read |
part-state-mappings |
read |
part-quality |
read |
documents |
read |
Exchange Components Executor
| Resource Name | Privileges |
|---|---|
exchange-components-user-interface |
execute |
part-trace |
read, add |
workflows |
read |
server-features |
read |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
part-quality |
read |
documents |
read |
Add Trace Data Executor
| Resource Name | Privileges |
|---|---|
add-tracedata-user-interface |
execute |
errors |
read |
part-trace |
read, add |
workflows |
read |
server-features |
read |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
part-quality |
read |
documents |
read |
Change Error Code Executor
| Resource Name | Privileges |
|---|---|
change-error-code-user-interface |
execute |
errors |
read |
part-trace |
read, add |
server-features |
read |
read-part-user-interface |
read |
parts |
read |
part-state-mappings |
read |
workflows |
read |
part-quality |
read |
documents |
read |
Create Empty WPC Executor
| Resource Name | Privileges |
|---|---|
create-empty-wpc-user-interface |
execute |
routelists |
read |
parts |
read, add |
workflows |
read |
server-features |
read |
read-part-user-interface |
read |
part-trace |
read |
part-state-mappings |
read |
part-quality |
read |
documents |
read |
From Welding Executor
| Resource Name | Privileges |
|---|---|
from-welding-user-interface |
execute |
part-state-mappings |
read |
rename-part-identifier |
execute |
workflows |
read |
server-features |
read |
read-part-user-interface |
read |
parts |
read |
part-trace |
read |
part-quality |
read |
documents |
read |
To Welding Executor
| Resource Name | Privileges |
|---|---|
to-welding-user-interface |
execute |
parts |
read, add, delete |
rename-part-identifier |
execute |
part-trace |
read, add |
update-part-station |
execute |
workflows |
read |
server-features |
read |
read-part-user-interface |
read |
part-state-mappings |
read |
part-quality |
read |
documents |
read |
Change Product Variant Executor
| Resource ID | Privileges |
|---|---|
change-product-variant-user-interface |
execute |
part-state-mappings |
read |
part-trace |
read,add |
update-part-header-vars |
execute |
workflows |
read |
server-features |
read |
read-part-user-interface |
read |
parts |
read |
part-quality |
read |
documents |
read |
Send DDL Telegram Executor
| Resource ID | Privileges |
|---|---|
send-ddl-telegram-user-interface |
execute |
workflows |
read |
server-features |
read |
read-part-user-interface |
read |
parts |
read |
part-trace |
read |
part-state-mappings |
read |
part-quality |
read |
ddl-telegram-variables |
read |
send-ddl-telegram |
execute |
processes |
read |
setup-variables |
read |
documents |
read |
Part Recreate Executor
| Resource ID | Privileges |
|---|---|
recreate-part-user-interface |
execute |
workflows |
read |
server-features |
read |
read-part-user-interface |
read |
parts |
read,add |
routelists |
read |
part-trace |
read |
part-state-mappings |
read |
part-quality |
read |
processes |
read |
documents |
read |
Configuration Uploader
| Resource ID | Privileges |
|---|---|
config-manager-user-interface |
read |
config-upload-user-interface |
execute |
config-files |
modify, add |
Part Handling Acknowledge Errors Setting Editor
|== |part-handling-ack-errors-setting-user-interface|modify |==
Part Handling Actions Scheme Setting Editor
|== |part-handling-actions-scheme-setting-user-interface|modify |==