Access management for platform data is a critical function for any company that uses the platform. Because the platform is multi-tenant and access to machine data is mission critical, it needs a flexible solution that fits every company. We therefore offer role-based access control (RBAC), which helps you manage who has access to machine and customer data, what they can do with that data, and which areas they have access to.
How it works
You control access to data in RBAC by assigning roles. This is a key concept to understand – it's how permissions are enforced. A role assignment consists of three elements: user or group, role definition, and scope.
The role setting is a collection of permissions that enables the user to execute the following functions. It's typically just called a role. The role setting lists the operations that can be performed within a specific feature. The permissions are defined by the feature. Let's take Customer Management and its permissions as an example.
The platform has a set of built-in roles as a starting point.
Scope is the structure of your company within the platform. You can assign several entities to a scope so that responsibility can be defined. Currently, the platform offers two types of scope: Tenant (company account) and Facilities/Service Organisations. We already have concepts to extend this scope with dynamic facilities (such as Site, Building, Production area).
The scope is defined by the following levels:
- Service organization / Facility
- Machine / Asset
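The following added example (not the platform's own code or API) shows how a role assignment made of principal, role and scope can be evaluated with deny-by-default and tenant isolation. The scope tree, role names and permission strings are constructed, and it assumes that an assignment at a tenant or facility also covers the machines beneath it.

```python
from dataclasses import dataclass

# Constructed scope tree (child -> parent); all names are hypothetical.
PARENT = {
    "tenant:acme": None,
    "facility:plant-north": "tenant:acme",
    "facility:plant-south": "tenant:acme",
    "machine:press-01": "facility:plant-north",
    "machine:lathe-07": "facility:plant-south",
    "tenant:globex": None,
    "machine:mill-03": "tenant:globex",
}

# Hypothetical role definitions: role name -> permissions defined by a feature.
ROLES = {
    "customer_viewer": {"customer_management:read"},
    "customer_admin": {"customer_management:read", "customer_management:write"},
}

@dataclass(frozen=True)
class RoleAssignment:
    principal: str  # user or group
    role: str       # role definition
    scope: str      # node in the scope tree

def ancestors(scope):
    """Yield the scope and each enclosing scope; an unknown scope yields nothing."""
    seen = set()
    while scope in PARENT and scope not in seen:  # 'seen' guards against cycles
        seen.add(scope)
        yield scope
        scope = PARENT[scope]

def is_allowed(assignments, user, groups, permission, target):
    """Deny by default; allow only if an assignment for the user or one of
    their groups grants the permission at the target or an enclosing scope."""
    principals = {user, *groups}
    covering = set(ancestors(target))
    return any(
        a.principal in principals
        and a.scope in covering
        and permission in ROLES.get(a.role, set())
        for a in assignments
    )

# Constructed sample assignments.
ASSIGNMENTS = [
    RoleAssignment("group:north-operators", "customer_viewer", "facility:plant-north"),
    RoleAssignment("user:dana", "customer_admin", "tenant:acme"),
]
```

Because the check walks upward from the target only, an assignment in one tenant or facility never reaches machines under a sibling scope, and a scope that is not in the tree is denied.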
Assign scope to operator roles: