Object Security for Organizations in Delegated Admin Units

Back to Top of Security for Objects in DA Units

Back to list of objects

The following table lists the types of users in a Platform configured for Delegated Administration and describes their access to Organizations:

Important! Editing the Organization and Location of an asset from the Axeda® Service application can change the access to the asset. Consider restricting the users who have the privilege to edit this information from the Service application.

NOTE: DA visibility restrictions and privileges are NOT fully supported for Organizations. See Supported Objects for Delegated Administration for more information.

In this table, "accessible assets" refer to the assets that the user can access, based on the asset groups assigned to the user's user group.

 

User

Access

Principal Axeda® Connected Product Management Applications Administrator

Access to ALL Organizations in the Platform

Non administrator with correct privileges

In Configuration Application -> Organizations -> View, Edit assuming correct user group privileges.

Access to Organizations that this user created AND to Organizations associated with accessible assets.

Assuming this user has the appropriate privileges to the Configuration application and operations on Organizations:

Example 1: if this user has access to asset 1 in Org 1, the user can view and edit Org1 from the Configuration application.

Example. 2: if this user creates Org2, this user can view and edit Org2 in the Configuration application.

Example 3: if the Platform administrator (Principal user) created Org3, this user cannot see it unless he/she can see one or more assets associated with Org3.

In the Service Application, this user can see the Organizations for each accessible asset. With the appropriate privilege, this user can edit the Organization for an asset.

1st level DA user (DA1)

2nd level DA user (DA1-1)

Another DA user within same DA as DA1

Same as Non-admin with correct privileges.

The only way a DA1 user can see an Organization created by a child-DA (say DA1-1) user is if the DA1 user has access to DA1-1's asset.

A user in DA1 cannot see Organizations created by a DA user in another DA at the same level (say DA2) unless for some reason the user in DA1 has access to assets in DA2.