i4connected Knowledgebase 5.6

Permissions

Abstract

Check out this article and learn more details about the permissions set introduced by the i4connected 5.6 version.

The list of permissions is a predefined set of rights, governing all aspects of the application. The user can either assign a role to an entire category of permissions or chose the effective permissions individually. The built-in permissions table provides information upon the relevance of the permission, when assigned either globally or at hierarchy level.

Tip

The Assignment relevance column of below table, indicates the level on which the permission takes effect, after the assignment to a role is done, as follows:

  • Permissions having a Global assignment relevance Global.jpg guard system-wide or administrative actions that require high authority rights.

  • Permissions having a Hierarchical assignment relevance hierarchical.jpg guard limited hierarchical entities actions that do not require advanced rights or system knowledge.

  • Permissions having a Privileged assignment relevance Privileged.jpg guard special actions that require super-user rights.

  • Permissions having both Global and Hierarchical assignment relevance guard system-wide actions concerning hierarchical entities.

  • Permissions having having both Global and Privileged assignment relevance guard system-wide or administrative actions, that require the special rights of a super-user.

The permission list is composed of built-in permissions and extended permissions.

Built-in permissions

Category

Permission name

Description

Assignment Relevance

System

Manage configuration

Allows managing the system configuration and the global items, such as:

  • Signal types

  • Site types

  • Key Performance Indicators

  • Measure Aggregations

  • Measure Groups

  • Devices

  • Entity variables

  • Manufacturers / Models / Types / Versions

  • Translations

  • Weather normalization

  • other general system settings

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Privileged Privileged.jpg

Manage shared filters

Allows saving filter settings as global (shared) filters, as described in The Object Filter article.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Manage shared tiles

Allows managing tiles which are shared by all system users, as described in the Tile management article.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Manage personal tiles

Allows managing tiles which are available only to the currently logged in user, as described in the Tile management article.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Import (append)

Allows all import operations that offer an append or merge conflict resolution action. These resolution actions are generally non-destructive.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Import (overwrite)

Allows all import operations that offer an overwrite resolution action. These resolution actions are generally destructive (they overwrite existing data) so extra caution is advised.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Security

Configure security

Allows configuring roles and permissions. Users having this permission enabled can add, edit, link and delete roles. For more details, please also visit the User roles article.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Configure privileged security

Allows configuring privileged roles and permissions. Users having this permission enabled can add, edit, link and delete Privileged roles. Without this permission, Privileged roles will not be visible for further modifications.

For more details, please also visit the User roles article.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Privileged Privileged.jpg

View users

Allows listing the users to which the current user has a relationship.

The user having this permission available will be allowed to view only the users having equal or inferior roles and permissions.

For more details about Users management, please also visit the dedicated article.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

View all users

Allows listing all the users in the system.

For more details about Users management, please also visit the dedicated article.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Privileged Privileged.jpg

Users

Allows creating, editing, deleting, activating and deactivating users and resetting their passwords. This permission requires one of the View users / View all users permissions.

For more details about Users management, please also visit the dedicated article.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Change password

Allows a user to change his / her own password.

For more details about Users management, please also visit the dedicated article.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

View all user invitations

Allows listing all the invitations in the system.

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Privileged Privileged.jpg

Sites and areas

View sites and areas

Allows viewing sites and areas along with their corresponding calculations (from measure aggregations).

This permission needs to be assigned at hierarchy level. Hence, the user receiving this permission will only be allowed to view the site / area to which he / she was explicitly assigned.

This permission has no effect on user's rights, when assigned only at global level.

For more details about the Entity role assignments feature, please also visit the dedicated article.

Hierarchical hierarchical.jpg

Manage sites and areas

Allows creating, editing, managing application mappings, importing Ewon configuration and deleting sites and areas.

Having this permission set at global level, allows the user to manage all sites and areas, for which at least view rights are already available.

Having this permission at hierarchical level, allows the user to manage only the respective sites / areas.

For more details about the Entity role assignments feature, please also visit the dedicated article.

Global Global.jpg

Hierarchical hierarchical.jpg

View all sites and areas

Allows viewing sites and areas in the system. This permission does not enable the sites or areas management features.

This is a globally relevant permission, usually granted to users with high authority or privileged rights.

Assigning this permission at hierarchical level will have no effect.

Global Global.jpg

Privileged Privileged.jpg

Organizational Units

View organizational units

Allows viewing organizational units along with their corresponding calculations (from measure aggregations).

This permission needs to be assigned at hierarchy level. Hence, the user receiving this permission will only be allowed to view the organizational units to which he / she was explicitly assigned.

For more details about the Entity role assignments feature, please also visit the dedicated article.

This permission has no effect on user's rights, when assigned only at global level.

Hierarchical hierarchical.jpg

Manage organizational units

Allows creating, editing, managing application mappings, importing Ewon configuration and deleting organizational units.

Having this permission set at global level, allows the user to manage all organizational units, for which at least view rights are already available.

Having this permission at hierarchical level, allows the user to manage only the respective organizational unit.

For more details about the Entity role assignments feature, please also visit the dedicated article.

Global Global.jpg

Hierarchical hierarchical.jpg

View all organizational units

Allows viewing organizational units in the system. This permission does not enable the organizational units management features.

This is a globally relevant permission, usually granted to users with high authority or privileged rights.

Assigning this permission on a hierarchical level will have no effect.

Global Global.jpg

Privileged Privileged.jpg

Devices

View devices

Allows viewing devices and their corresponding calculations, from measure aggregations.

The user receiving this permission will only be allowed to view the devices of the hierarchical entities to which he / she was explicitly assigned.

This permission should be assigned on hierarchical level, otherwise it will have no effect on user's rights.

For more details about the Entity role assignments feature, please also visit the dedicated article.

Hierarchical hierarchical.jpg

Manage devices

Allows creating new devices, editing, cloning and deleting existing devices, managing user assignments and application mappings.

Having this permission set at global level, allows the user to manage all devices of the hierarchical entities, to which he / she was explicitly assigned.

Having this permission enabled at hierarchical level, allows the user to manage only the devicesto which he / she was explicitly assigned to.

For more details about the Entity role assignments feature, please also visit the dedicated article.

Global Global.jpg

Hierarchical hierarchical.jpg

View adapters

Allows viewing and selecting adapters when adding and editing devices.

This is a hierarchically relevant permission, hence assigning it at global level will not lead to the expected results.

Hierarchical hierarchical.jpg

Manage adapters

Allows creating new adapters, editing and deleting existing adapters, managing user assignments and application mappings.

This permission can be assigned either on global or hierarchical level. The obtained result will be the same.

For more details about the Entity role assignments feature, when assigning this permission on hierarchical level, please also visit the dedicated article.

Global Global.jpg

Hierarchical hierarchical.jpg

View all adapters

Allows viewing and selecting all the adapters available in the system.

This is a globally relevant permission, usually granted to users with high authority or privileged rights.

Assigning this permission on a hierarchical level will have no effect.

Global Global.jpg

Privileged Privileged.jpg

Signals

Read signals

Allows the user to open the Edit signal panel in order to read the signal value, but does not allow the user to change and save the signal settings.

This permission can be assigned on a global or hierarchical level.

Global Global.jpg

Hierarchical hierarchical.jpg

Write signals

Allows the user to open the Edit signal panel in order to read the signal value and make further changes to the signal settings.

Additionally, users having this permission enabled can add new signals or virtual signals and add/edit/remove signal compression settings.

This permission can be assigned on a global or hierarchical level, as follows:

  • Global level - grants the user with permission to write all signals available for the hierarchical entities where he / she is explicitly assigned.

  • Hierarchical level - grants the user with permission to write only the signals where the permission was explicitly assigned.

Having this permission assigned both globally and hierarchically will apply the global effects.

Global Global.jpg

Hierarchical hierarchical.jpg

Edit measurement history

Allows the user to input counter signal corrections, as described by the dedicated article here.

This is a globally relevant permission, hence assigning it on hierarchical level will not lead to the expected results.

Global Global.jpg

Events

View events

Allows viewing the lists of the following entities:

  • Event Groups

  • Event Types

  • Event Priorities

  • Events

  • Online Alarms

  • Historical Alarms

  • Audit Events

This is a globally relevant permission. Assigning this permission on a hierarchical level will have no effect on user's rights.

Global Global.jpg

Manage events

Allows creating, editing and deleting the following entities:

  • Event Groups

  • Event Types

  • Event priorities

  • Events

Additionally, this permission allows the user to publish manual events.

This permission requires the View events permission, as well.

This is a globally relevant permission. Assigning this permission on a hierarchical level will not grant the user with the expected rights.

Global Global.jpg

Privileged Privileged.jpg

Close events

Allows closing events.

Global Global.jpg

Acknowledge events

Allows acknowledging events.

Global Global.jpg

Take event ownership

Allows taking ownership of events.

Global Global.jpg

Assign event ownership

Allows assigning the ownership of events to another user.

Global Global.jpg

Change event priority

Allows overriding event priorities.

Global Global.jpg

Comment events

Allows commenting on events.

Global Global.jpg

View event comments

Allows viewing event comments.

Global Global.jpg

View event history

Allows viewing event history. The history includes comments, so typically this should be denied if the view comments permission is denied.

Global Global.jpg

View event logbook

Allows viewing logbook events (manual).

Global Global.jpg

View audit log

Allows auditing sensitive operations such as historical events performed by a user on an auditable action.

The following actions can be audited:

  • Login / Logout

  • Change password

  • Add / Edit / Delete user

  • Change user password

  • Change role assignments

  • Any CRUD operation performed in the system

For more details about Audit Events please also visit the dedicated article here.

Global Global.jpg

Manage messenger

Allows the user to set up i4messenger:

  • Edit event notification settings

  • Add / Edit / Delete Notification profiles

  • Add / Edit / Delete Response Teams

  • Add / Edit / Delete Publish sets

This is a globally relevant permission, hence enabling it on hierarchical level won't lead to the expected results.

Users that do not have this permission enabled, will be allowed to open the i4messenger specific lists in view mode only.

For more details about the i4messenger Addon, please also visit the dedicated article.

Global Global.jpg

Reports

Manage report definitions

Allows viewing and creating report groups. Allows creating report definitions.

Global Global.jpg

Schedule reports

Allows scheduling reports.

Global Global.jpg

User distribution lists

Allows sending scheduled reports to distribution lists (external email addresses).

Global Global.jpg

Report archive

Allows access to the report archive.

Global Global.jpg

Measure action

Manage measure action

Allow the user to manage the measure actions.

This is a globally relevant permission, hence enabling it on hierarchical level won't lead to the expected results.

Global Global.jpg

Import measure action

Allows the user to import measure actions.

This is a globally relevant permission, hence enabling it on hierarchical level won't lead to the expected results.

Global Global.jpg

View measure action

Allows the user to view the measure actions.

This is a globally relevant permission, hence enabling it on hierarchical level won't lead to the expected results.

Global Global.jpg

Manual counter

Manage manual counter

Allow managing the manual counters.

This is a globally relevant permission, hence enabling it on hierarchical level won't lead to the expected results.

Global Global.jpg

Requisition note

Requisition note power plant user

Allow confirming requests and mark request as handled.

This is a globally relevant permission, hence enabling it on hierarchical level won't lead to the expected results.

Global Global.jpg

Requisition note hall manager

Allow adding and managing requests as hall manager.

This is a globally relevant permission, hence enabling it on hierarchical level won't lead to the expected results.

Global Global.jpg

Applications

View applications

Allows the user to view i4designer listed application mappings, to which he / she is set as owner or asignee.

This is a hierarchically relevant permission, hence assigning it at global level will not lead to the expected results.

For more details about thei4designer Applications, please also visit the dedicated article here.

Hierarchical hierarchical.jpg

Manage applications

Allows creating, editing and deleting i4designer applications. This permission can be assigned both globally or hierarchically, with the following effects:

  • Global assignment will allow the user with possibility to manage an owned application

  • Hierarchical assignment will allow the user with possibility to manage an application to which he / she was explicitly assigned.

For more details about thei4designer Applications, please also visit the dedicated article here.

Global Global.jpg

Hierarchical hierarchical.jpg

View all applications

Allows viewing all i4designer applications.

For more details about thei4designer Applications, please also visit the dedicated article here.

Global Global.jpg

Privilieged Privileged.jpg

Extended permissions

Extended permissions require database and code changes , hence these cannot be organised in the administration user interface. Usually, such extended permissions can be introduced for custom module, at request.