ExoSense User Management¶
Users in ExoSense are managed by their unique email address. Each user has a Role assigned to them that defines their permissions in the application. Users are also invited to one or more groups, which contain assets, group-level dashboards, devices, and subgroups. A user will have access to each group and all subgroups.
Inviting Users¶
The Users page allows inviting new users and checking the roles / group permissions of existing users.
To invite a user, click the button on the Users page, add their email address, choose their permission role and the group(s) they will have access to in the hierarchy.
Inviting Multiple Users
Multiple users can be invited at one time if they have the same role and group access. Add each of their email addresses to the email form box separating them with a comma (e.g. user1@example.com,user2@example.com).
Invitation Expiration
- New user invitations expire after 8 days.
- A re-sent invitation will expire after 4 days.
User Roles¶
Users with the Setup - Roles permission in their role (including Host Administrators) can create, edit, and remove user roles. Roles define functionality rights to a user. The default role for initial users is 'Host Administrator' which provides all functional permissions below. As an example, administrators (those with the Setup-Roles function enabled) can create a new role such as "Installer".
Permissions and Group Relationship
All permissions adhere to a strict control access policy tied to the group node at which the User with the role (permissions) has.
Examples:
- A user with a Role with the
View Asset Datapermission will only see assets and groups that they have access to in group hierarchy. - A user with a Role with the
Asset Managementpermission will only be able to add and edit assets that they have access to in group hierarchy. - A user with a Role with the
User Managementpermissions can only invite and edit users within the groups they have access to.
Permissions and Feature Availability
Some permissions are tied to the feature available to the solution. Some features are enabled/disabled at the Tier level. Features are also controlled with the administrative Feature Controls.
Role Permissions¶
| Permission | General Category | Description |
|---|---|---|
View Asset Data | Viewer | Allows viewing assets in lists and their data in dashboards, event logs, and reports. |
View Asset | Viewer | Allows viewing assets in lists (including statuses and last reported times.) This is the most restrictive viewing permission. |
Dashboard Management | Viewer | Allows a user to publish/un-publish dashboards. Legacy Permission: No longer supported with new Side Navigation UI. |
Asset Management | Asset Management | Allows a user to manage assets, including adding, editing, and removing of assets, configuration, and dashboard creation. |
Asset Template Management | Asset Management | Allows a user to manage asset templates. |
File Management | Asset Management | Allows a user to maintain (upload) asset content files and setup Content Viewer dashboard panels. |
View Unpublished Files | Asset Management | Allows a user to see an asset's content files that have been uploaded, i.e. see the Asset Content tab. Can not upload new files. |
Asset/Device Control | Asset Management | Allows the user ability to interact with device control dashboard panels. |
Bulk Change | Asset management | Allows users to easily make bulk updates to large numbers of signals or assets. |
Condition Policy Management | Asset management | Allows a user to create, update, read, and delete condition policies. |
Condition Read-Only | Viewer | Allows a user read-only access to conditions. |
Condition User | Technician | Allows a user to change condition states, leave comments, and assign conditions |
User Management | Manager | Allows for inviting, editing (user's role/groups) and removing users. |
Group Management | Manager | User can access the Browse screen and add, edit, and remove groups, as well as change an asset’s group assignment. |
Data Explorer | Manager | Access to Data Exploration tool. |
Device Management | Device Management | Users can look at connected IoT device data and configure their channels. |
Device Software Package Management | Device Management | Allows a user to see and apply available software packages for devices. |
Device Software Package Administration | Device Management | Allows a user to manage software packages available to devices. |
User Activity Logs | Administrator - Group | Allows for viewing user activity logs. User must be on the root node for permission to be enabled. |
Manage Custom Insights | Administrator - Group | Allows users to create custom transforms and rules in the UI using MathJS or JSON-e. |
Api Tokens | Administrator - Group | Allows a user to create and delete API Tokens. |
Setup - Roles | Administrator - Group | Allows a user to create, edit, and delete user roles from the larger set of user permissions. |
Legal | Administrator - Solution | Allows user to edit the standard terms and conditions, and add a custom URL for the privacy policy. |
Setup - Theme | Administrator - Solution | Allows a user to control the theme and logos, application name, default language, |
Setup - Data Sources | Administrator - Solution | Allows an administrative user to view which IoT connectors are available for this ExoSense instance. |
Setup - Feature Control | Administrator - Solution | Allows an administrative user to control which features are enabled on a solution. |
Work Instruction Management | Manager | Access to Uploading and Duplicating Work instructions. |
Work Order Administrator | Manager | Can create, assign, schedule, perform, be assigned, edit and view work orders. Has all work instruction capabilities also. |
Work Order Manager | Manager | Can create, assign, schedule and view Work Orders. Can leave comments and update the description. |
Work Order Perform | Technician | Can be assigned, perform (complete steps, upload evidence/comments), and view Work Orders. |
Work Order View | Viewer | Can view work orders. Can view work instructions. |
Creating / Editing User Roles¶
In this example, a new user role called "Installer Midwest Region" can be created with permissions to view asset data and manage Asset configuration. This new role can optionally be assigned to only be accessible at a sub group node.
