User rights
For the Collaboration Board , there are the following categories of user rights.
User
As AppUser, you see the problem descriptions, tasks and reports for the factories that are approved for you.
The visibility of the machine data depends on your MindSphere user role.
Application administrator
As AppAdmin, you have the same rights as a user.
In addition, you can edit and activate or deactivate the machines, lines and plants in the "Settings" menu item.
Furthermore, you can edit the question catalog in "Settings".
Access right concept
The AppAdmin role is required for full access. If the role AppAdmin is not assigned to the user, the menu item "Settings" is not displayed to the user concerned.
Your TenantAdmin creates the SubTenants for you and assigns the app-specific roles AppAdmin (scb.admin) or AppUser (scb.user) to authorized persons in your company.
The following table shows the access rights according to the user roles.
Access right |
MindSphere role App role |
|||
---|---|---|---|---|
StandardUser |
SubTenantUser |
|||
scb.user |
scb.admin |
scb.user |
scb.admin |
|
Start application |
✓ |
✓ |
✓ |
✓ |
Synchronize user accounts |
✓ |
✓ |
||
Change the settings of the app |
||||
Tenant factory |
✓ |
|||
Own SubTenant factory |
N/A |
N/A |
✓ |
|
Other SubTenant factory |
✓ |
|||
Retrieve machine data |
||||
Tenant factory |
✓ |
✓ |
||
Own SubTenant factory |
N/A |
N/A |
✓ |
✓ |
Other SubTenant factory |
✓ |
✓ |
||
Other functions of the app |
||||
Tenant factory |
● (R/W) |
● (R/W) |
● (R) |
● (R) |
Own SubTenant factory |
N/A |
N/A |
● (R/W) |
● (R/W) |
Other SubTenant factory |
● (R) |
● (R) |
● (R) |
● (R) |
✓ |
Available |
N/A |
Not applicable |
● (R/W) |
Adjustable, initial setting: Read and write rights |
● (R) |
Adjustable, initial setting: Read rights |
Enabling Collaboration Board user rights
The Teant administrator must add the role "scb.user" or "scb.admin" to the user. After adding the role, the application is visible in the user's launch pad. After adding the user, a Collaboration Board user must click "Synchronize user" in the Collaboration Board settings.
Recommendation on the authorization concept
-
Create two user groups:
-
scb-admin-group
-
scb-user-group
-
-
Assign the appropriate app roles to the two user groups:
-
scb-admin (app admin authorization)
scb-user (app user authorization)
-
-
Add the user accounts to the appropriate user groups.
NOTE
Each time the user inventory is changed (e.g. when a new user is created on the MindSphere), the app must be synchronized with the MindSphere database. This is done by pressing the "Synchronize user" button on the "Settings" tab.
NOTE
When the app is updated, the roles and scopes in MindSphere may be lost and need to be reassigned. Managing user permissions with user groups makes this step easier.