Skip to content

Roles

A role is a collection of permissions that can be assigned to a user or user group. When you assign a role to a user, the user receives all rights that are defined for the corresponding role. You can manage the access rights of your employees with role assignment. The role assignment in the "User" tab shows in which user group the role is included:
Standard User group

You can create the following types of roles:

  • App roles
  • Core app roles
  • Custom roles
  • Standard roles

App roles

Each app running on MindSphere offers individual roles that grant access to the application. Every application in MindSphere can have their own app roles, that can be assigned to relevant users. The app roles are either used by MindSphere for core applications such as e. g. Asset Manager, or the developer for 3rd party applications.
Roles for other applications will be made available in Settings automatically once the app was bought. For example, you can assign the Visual Flow Creator User role to users via Settings to grant them access to the Visual Flow Creator.

Core app roles

Core app roles are app roles of MindSphere system tools like Asset Manager or Fleet Manager.
You can identify core app roles on the prefix: mdsp:core.
You can enable core app roles in your tenant to make them available.
You can find a list of all available core app roles in chapter core app roles.

Custom roles

Custom roles are flexible roles that you can define.
With custom roles you can bundle roles from each role category like default roles, app roles or custom roles into a new role. This enables you to assign individual combinations of permissions to users and user groups.

Standard roles

A standard role is a set of app roles.

Note

You can use the core app roles for the assignment of single apps like Fleet Manager. Please also assign the Launchpad role for accessing apps.

User interface "Roles"

The following figure shows the "Roles" user interface:

Create custom roles

① Create a new custom role

② Opens core app role configuration window

③ Role details:

  • Name of the role

  • Description of the role

⑤ List of all users assigned to the role

⑥ Click on "Edit user assignment" to assign or remove users to the role

⑦ Click on the arrow to change to the "Users" interface

Edit assignment screen

The "Edit assignment" screen allows you to assign or remove users to the role. You can filter users according to fixed parameters.
Edit assignment screen

Filter parameter of "Edit assignment"

You can use filter and combine the parameter to find sought user. The following table shows the filter parameter:

Filter Description
Selected Shows all selected users of the "Edit assignment" screen.
Unselected Shows all unselected users of the "Edit assignment" screen.
Changed Shows all changed and unsaved user. The list also highlights changed user.
Unchanged Shows all unchanged user.
Subtenant user Shows all as subtenant user created user.
Global user Shows all global user.

Standard roles

The MindSphere platform offers a set of standard roles. A standard role consists of different permissions to use particular applications in MindSphere and can be subdivided into the following categories:

  • Administrative access: Full use without restrictions within a tenant. mdsp:core:TenantAdmin, mdsp:core:OperatorAdmin, mdsp:core:DeveloperAdmin
  • Standard access: Restricted use within a tenant. The system manuals of the apps provide detailed information about the permissions. mdsp:core:TenantAdmin, mdsp:core:OperatorAdmin, mdsp:core:DeveloperAdmin
  • Subtenant access: Restricted use as a subtenant user within a tenant. mdsp:core:SubTenantUser

The system manuals of the apps provide detailed information about the permissions.

The following table describes which license you need in order to utilize the respective default role:

Standard role Role ID
TenantAdmin mdsp:core:TenantAdmin
StandardUser mdsp:core:StandardUser
SubtenantUser mdsp:core:SubTenantUser
OperatorAdmin mdsp:core:OperatorAdmin
DeveloperAdmin mdsp:core:DeveloperAdmin
Developer mdsp:core:Developer

You can find detailed information to each standard role in the following sections:

Assign users to a role

You can assign a user to a role in the tab "Roles" or assign roles to a user in the tab "Users". You can find more information about users in the section Managing users.

Procedure

In order to assign a user to a role proceed as follows:

  1. In the navigation, click "Roles".
  2. Select the relevant role in the selection list.
  3. Click "Edit assignments".
  4. The "Edit assignment" dialog box opens.
  5. Select the users from the list.
  6. In order to find the searched users faster you can use the filters. You can find more information about filter in the chapter User interface "Roles".
  7. Select or clear the appropriate check boxes to assign or unassign users to the role.
  8. To approve the changes, click "Next".
  9. To save the changes, click "Close".

Result

You have assigned a user to a role. The corresponding user must log in again for the changes to become effective.

Note

After reassigning roles, you need to login and logout for these changes to take effect.

Create custom roles

Procedure

In order to create a custom role proceed as follows:

  1. In the navigation, click "Roles".
  2. To create a custom role click create-user or "Create custom role".
  3. Enter a name and description.
  4. To save the new custom role click "Create custom role".

Result

  • You have created a new custom role.
  • The new role appears in the custom role list.
  • You can customize the new role by adding roles, users and user groups.

Configure core app roles

You can enable core app roles in your tenant to use them for finer grained access control.

Procedure

In order to enable core app role proceed as follows:

  1. In the navigation, click "Roles".
  2. To open the core app roles configuration click core app role settings.
  3. Select the core app roles you want to use in your tenant and click "Next".
  4. To use the core app roles in your tenant and save the settings click "Save".

Note

Disable core app roles You can also disable a core app role by deselecting it. Disabling a core app role removes the role from all assigned users, user groups and roles. Please note that associated permissions granted to your user will be removed.

Result

  • You can now use the added core app roles in your tenant.
  • You can add the core app roles to a custom role.

Any questions left?

Ask the community


Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.


Last update: June 27, 2022