Object Security for Rules in DA Units

Back to Top of Security for Objects in DA Units

Back to list of objects

Notes: The rules here do NOT include Expression Rules, State Machines, or Rule Timers. These are the rules that you can see by selecting View > Rules in the Configuration application.
These Rules are visible across DA Units, as long as the DA user groups have the privilege to view them. To prevent DA users from seeing Rules, make sure that the DA user groups do not have the privilege, Configuration - Rules - View.

Also note that DA visibility restrictions and privileges are NOT fully supported for Rules. See Supported Objects for Delegated Administration for more information.

The following table lists the types of users in a Platform configured for Delegated Administration and describes their access to Rules:

 

User

Access

Principal Axeda® Connected Product Management Applications Administrator

Access to ALL Rules in the Platform. When selecting the scope for a Rule, access to all models, assets, and asset groups in the Platform. When selecting the user groups who can view, edit, and execute the Rule, access only to user groups in the Root DA Unit.

Non administrator with correct privileges

With appropriate privileges to the Configuration application and operations on Rules and to models/assets, this user can view, create, modify, and delete Rules.

When selecting the scope for a Rule (all Rules except Case), the visibility of models, assets, and asset groups is based on the asset groups assigned to this user's user group. For example, if this user does not have access to the asset group, AG1, the models/assets assigned to AG1 are not available to select for a Rule.

When selecting the user groups who can view, edit, and execute the Rule, this user can see only the user groups in the Root DA Unit.

1st level DA (DA1)

2nd level DA (DA11)

Another DA user within same DA as DA1

With appropriate privileges to the Configuration application and operations on Rules, DA users can access any Rule associated with models/assets to which the DA users have access (by assignment of asset groups to the DA user groups), regardless of the asset groups selected in the wizard. For example, if the Principal Admin user creates a Rule and selects a model that belongs to an asset group that has been assigned to a DA user group, the users in the DA user group can see that Rule.

When creating Rules, DA users can select only from models/assets and asset groups to which they have access, based on the asset groups assigned to their user groups. In addition, they can select only from the user groups in their DA Unit.