i4connected Knowledgebase 5.6

User Roles

Abstract

The User Roles are objects that define user permissions and rights throughout the entire i4connected platform. Check out this article!

The User Roles are objects that define user permissions and rights throughout the entire i4connected platform. Users having no roles assigned are restricted from accessing the system.

No_access_rights.jpg

No access rights have been defined for this account

The Roles panel can be accessed by any user having access to the page where the User role tile is located. However, a user with low or limited permissions can only see own roles in the list view.

The Roles panel allows the user to perform the following operations:

User_role_panel.jpg

The Roles panel

Viewing, filtering and refreshing the list of Roles

There are two methods to access the Roles panel:

  • from the User roles tile on the i4connected Admin panel

    User_role_tile.jpg

    The User role tile

  • from the Roles tile in the User detailed view mode panel

    User_role_tile.jpg

    The User role tile in the detailed view mode of a User

Clicking on this tile the Roles panel is opened. The user can filter the list of Roles by typing in the name of the desired role. The Reset filter button Reset_filter.jpg clears all the contents in the search field are removes the filter from the list.

Filtering_roles.jpg

The Roles filter

The user is also provided with the possibility to manually reload the list contents, by clicking the Refresh toolbar button.

Refresh_roles.jpg

The Refresh panel

Adding new Roles

The Add button located in the Roles panel opens the Add role panel. The Add roles function is available only users having the Configure security permission enabled.

Add_Roles.jpg

The Add Roles button

The Add role panel features the following properties:

Ad_role_panel.jpg

The Add role panel

  • Role name - the name of the role;

  • Is privileged - marks the role as privileged.

    Tip

    The users having a privileged role assigned are provided with a set of special rights, hence being able to interact with other privileged roles and users.

    Only users that have privileged roles assigned to them can create or modify privileged roles. Non-privileged users will not be able to see or modify privileged items.

  • Is default - marks the role as default.

    Tip

    All the roles that are marked as default will be automatically assigned to new users.

  • Role type - sets the type of the role, allowing the user to chose from the following options:

    • Front-end role - is a portal user role.

      Tip

      Usually the default roles are marked as Front-end.

    • Function role - is a function specific user role, defining a set of functions that the user should have permission to process.

  • Permissions - assigns permissions to the role, defining what operations are permitted for each role.

    Tip

    For more details about the i4connected role management permissions, please also visit the Permissions article.

To preserve the changes made the user can click the Save button. Otherwise, by clicking the Close button, the Add role panel is closed and no changes are saved.

Linking Roles

Roles can be linked to other roles by clicking the Link button of the Role cards.

Link_button.jpg

The Link role button

In the Link roles panel the user can select the Roles to be linked to the selected Role.

Link_roles_panel.jpg

The Link roles panel

By clicking the Select button, the Link roles panel will be closed and the listed Role card will be updated to display the link relation. When linking a role to another, the relation will be treated as Direct linked role.

Direct_link_relation.jpg

Role card with Directly Linked Roles

When linking a Role having already other linked roles will establish an Indirect linked role relation. Roles that are indirectly linked to other roles will be also visible in the Role card.

Role_card_2.jpg

Role card with Directly and Indirectly Linked Roles

Note

The scope of the Linked Roles function is highly related to the fact that limited rights users, can only see and manage those roles that they have been explicitly assigned to.

The Linked Roles function enables the possibility to view and manage both the directly assigned roles and the linked roles.

For a better understanding of this function, please also visit the Linked Roles management tutorial.

Editing Roles

Users having the Configure security permission available, can manage the existing roles.

The Edit role panel can be accessed by clicking on a role card listed in the Roles panel. In this view, the user can change all the settings described under the Add role article. Changes can be preserved by clicking the Save button.

Edit_role_panel.jpg

The Edit role panel

Deleting Roles

The listed roles can also be removed by clicking the Delete toolbar button, in the Edit role panel. The Delete role option is available only for users having the Configure security permission enabled.

The Delete role panel displays information upon the impact of the removal operation.

Delete_role_panel.jpg

The Delete role panel

Deletion is confirmed by filling in the provided code and clicking the Delete button.

Entity role assignments
Abstract

Check out this article and learn how to assign users to the i4connected entities, such as Sites, Areas, Organizational Units, Devices and Signals.

The Entity role assignments panel is opened by selecting the Users tile from the Entity detailed view mode. The i4connectedEntities allowing role assignments are:

  • Sites

  • Areas

  • Organizational Units

  • Devices

  • Adapters

  • Signals

  • Reports

The Entity role assignment panel can be accessed only by users having at least the View users permission enabled.

Warning

The View users permission alone does not grant the user with possibility manage the Entity's permissions and assign new roles. The list of assigned users will be grayed out and no further management operations will be possible.

Entity_role_assignments_without_permissions.jpg

Entity role assignments panel in view only mode

In order to manage Entities role assignments the Users permission is required. Having this permission enabled, the Entity role assignments panel lists all the users assigned to that Entity, as cards in a scrollable list view. Each user card provides the following information:

User_card.jpg

Entity user role assignment card

  • the picture of the user

  • the addressing title, username and name

  • the list of user role assignments

While scrolling through the list of users, under the Entity role assignments panel, two types of assignments can be recognised:

Example_of_user_role_assignemnts.jpg

Direct assignment vs inherited assignment

  • Direct assignment - the directly assigned users can be removed from the selected Entity and implicitly managed from roles point of view.

  • Inherited assignment - the users inherited from higher hierarchical authorities are accompanied by the Inheritance_simbol.jpg symbol. These users cannot be detached from a lower hierarchical level, but their roles and permissions can be edited.

As all the i4connected lists, the Entity role assignments list can also be filtered, by typing in the search field the username / name of the user or only a part of it. The list is automatically filtered to display only the relevant results.

Filter.jpg

Example of filtered list

Warning

Search by User role is not possible. The filter will not return any results.

The list of Entity role assignments can be manually updated by clicking the Refresh toolbar button.

Adding Entity role assignments

Users having the the Users permission enabled can assign other users to the selected Entity, by clicking the Add toolbar button.

Add_role_assignments.jpg

The Add Entity role assignments button

The Entity role assignments drill-down panel is opened. In this view, the users can be invited either by selecting an existing user or by sending a user an invitation via E-Mail.

Assigning an existing user

By default, the Select existing user option is enabled. The Add Entity role assignments panel allows the following selections:

Entity_role_assignments.jpg

The Add Entity role assignments panel

  • Select User - opens the Select User panel where the list of users available for selection is displayed.

    The list is filtered displaying only the users that are covered by the action operator user's permissions. Hence, users having only the View users permission enabled will be allowed to select only users having common and lower or equal rights. On the other hand, a user having the View all users permission enabled will be allowed to selected from a complete list of all system users.

    Select_Users_panel.jpg

    The Select users panel

  • Message - allows the user to type in an optional message that can accompany the E-Mail notification delivered to the involved user.

  • Effective permissions - lists the Entity set of Effective permissions, where by default, are all set to Deny. After selecting a user the list is adjusted to display the Effective permissions Applied for the user.

    Effective_permissions.jpg

    The Effective permissions list

  • Roles - lists the selected User's roles, allowing the possibility to select the roles to be applied.

After filling in all the mandatory settings the role assignment can be applied by clicking the Select button. To leave the Add Entity role assignments mode the user can click the Cancel button.

Inviting a user via E-Mail

Allows possibility to invite a user via E-Mail, to be assigned to the Entity. This option is selected to accomplish the following use cases:

  • Inviting an exiting user, that the user performing the assignment cannot access in the Select User list, due to inferior permissions set.

  • Inviting a new user to the system and directly assigning him / her to an Entity.

Warning

A user that is already assigned to the selected entity cannot be invited twice. Hence, when an email address that has already been used by a user assigned to the Entity, an error message will be displayed.

nviiation_already_sent.jpg

Error message: Email address already used

  • Name - the name of the User

  • E-Mail - the User's E-Mail address, where the invitation will be delivered.

  • Message - an option message that will accompany the E-Mail notification.

  • Effective permissions - lists the Entity set of Effective permissions, where by default, are all set to Deny. After selecting the User Roles, the Effective permissions list will also be updated to display the applied and the denied permissions.

    Effective_permissions_for_inv.jpg

    The Effective permissions list

  • Roles - lists the Roles of the currently logged in user, hence the invitee cannot belong to a higher role, than the user sending the invitation.

After filling in all the mandatory settings the role assignment can be applied by clicking the Select button. To leave the Add Entity role assignments mode the user can click the Cancel button.