Security for Objects in Axeda® Connected Product Management Applications (without Delegated Administration)

Axeda® Connected Product Management Applications use user groups for two security purposes. One is to control access to assets and their data by assigning asset groups, regions, organizations, locations, and data item groups to user groups. The other is to control access to operations on objects by assigning privileges to user groups. Users inherit both their access to assets and asset groups and their privileges to perform operations on Platform objects from the user groups to which they are assigned.

Important!

If users are allowed to modify information for an asset from the Location module of the Axeda® Service application or from the Configuration application, changes to the organization, region, or location of an asset can change which users are able to access the asset. This is because organizations, regions, and locations can be assigned to user groups, limiting the access of users in a user group to the assets associated with the organizations, regions, and/or locations assigned to the user group.

In addition, if dynamic group definitions are enabled, changes to the values of Asset Properties from the Asset dashboard can change the Asset Group to which the asset belongs, thereby changing the ability of users to continue to access the asset.

Platform administrators can prevent inadvertent changes in access to assets because of changes to organizations, locations, and regions by preventing users of the Axeda® Service application from editing this information (controlled by the privilege, Configuration - Asset - Modify). They can also prevent inadvertent changes to the Asset Group to which an asset is assigned because of changes to the Property values by not granting the privilege, Service - Asset Property Value - Modify, to the appropriate User Groups.
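The side effect described above can be checked before a change is made. The following is an added illustration, not Axeda code or an Axeda API: the class names, the `scope` layout, the predicate-style dynamic group definition, and the rule that every dimension assigned to a user group must match are assumptions; only the two privilege names come from this page.

```python
# Hypothetical model of the access rules described above; not an Axeda API.
from dataclasses import dataclass, field

# The two privilege names are taken from this page.
DRIFT_PRIVILEGES = {"Configuration - Asset - Modify",
                    "Service - Asset Property Value - Modify"}

@dataclass
class Asset:
    attrs: dict                                  # organization, region, location
    properties: dict = field(default_factory=dict)

@dataclass
class UserGroup:
    name: str
    users: set
    scope: dict = field(default_factory=dict)    # dimension -> assigned values
    privileges: set = field(default_factory=set)

def dynamic_groups(asset, definitions):
    """Asset groups whose (assumed) property predicate matches the asset."""
    return {g for g, pred in definitions.items() if pred(asset.properties)}

def can_access(group, asset, definitions):
    # Assumption: every dimension assigned to the user group must match;
    # a user group with nothing assigned is treated as unrestricted.
    values = {**{k: {v} for k, v in asset.attrs.items()},
              "asset_group": dynamic_groups(asset, definitions)}
    return all(allowed & values.get(dim, set()) for dim, allowed in group.scope.items())

def users_with_access(asset, groups, definitions):
    return set().union(*(g.users for g in groups if can_access(g, asset, definitions)))

def access_drift(before, after, groups, definitions):
    """Return (users who lose access, users who gain access) for a change."""
    old = users_with_access(before, groups, definitions)
    new = users_with_access(after, groups, definitions)
    return old - new, new - old

def drift_capable(groups):
    # User groups whose members hold a privilege that can cause such a change.
    return {g.name for g in groups if g.privileges & DRIFT_PRIVILEGES}

# Constructed sample data: names and values are invented for illustration.
DEFS = {"HighTemp": lambda p: p.get("max_temp", 0) > 80}
GROUPS = [
    UserGroup("EU-Service", {"alice"}, {"region": {"EU"}}, {"Configuration - Asset - Modify"}),
    UserGroup("HighTemp-Ops", {"bob"}, {"asset_group": {"HighTemp"}}),
    UserGroup("Acme-Viewers", {"carol"}, {"organization": {"Acme"}}),
]
PUMP = Asset({"organization": "Acme", "region": "EU", "location": "Lyon"}, {"max_temp": 95})
```

Calling `access_drift` with a copy of `PUMP` whose region or `max_temp` has been edited lists the users who would silently lose or gain access, and `drift_capable` shows which user groups are able to make that edit.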

In alphabetical order, the Axeda® Connected Product Management Applications objects and their security are as follows:

1.       Actions (old style) -- When creating (or editing) an Action, users can associate the action with models and user groups (permissions to edit and to execute). These associations control access to the Actions.

2.       Assets and Asset Groups -- Access to assets is controlled by assigning assets to asset groups, users to user groups, and asset groups to user groups. You need to enable this security for an individual user group and then make the assignments.

3.       Asset Conditions -- Only user group privileges to the Axeda Configuration application and the operations for Asset Conditions (create, edit, view, delete) control access to asset conditions.

4.       Asset States and Asset State Groups -- Access to assets controls the assets whose asset states you can manage, while user group privileges to the Axeda Configuration application and the operations for Asset States and Asset State Groups (create, edit, view, delete) control the operations you can perform on asset states and asset state groups.

5.       Cases -- The abilities to search for and view cases, create cases, modify cases, close cases, and so forth are controlled by user group privileges. Asset group assignments control which users can be assigned to which cases; only users with permissions to an asset (based on User Group assignment) can be assigned to any cases opened for that asset. In addition to Axeda Applications users, only those partners who have access to an asset or asset group can be assigned to any cases for those assets. Privileges specific to case operations control access to these operations.

6.       Contacts -- In general, the user group privileges control a user's ability to view, create, edit, and delete contacts. However, a user can see all Contacts for all assets to which they have access (by their user group membership). The user can also see all Contacts for the Organizations to which they have access (by their user group membership).

7.       Custom Applications -- Only user group privileges control a user's ability to upload custom applications to the Axeda Platform through the Axeda Administration application, edit information about them, and remove them.

8.       Custom Objects -- Only the user group privileges control a user's ability to view, create, edit, and delete custom objects.

9.       Data items and Data Item Groups -- Users can view data items and data item groups that they have created as well as data items associated with assets to which they have access and data items assigned to data item groups that have been assigned to their user groups. The user group privileges control the user's ability to perform operations on data items and data item groups (create, edit, delete).

10.    Dynamic Group Definitions -- Only the user group privileges control a user's ability to view, create, edit, and delete Dynamic Group Definitions.

11.    Expression Rules -- Only the user group privileges control a user's ability to view, create, edit, and delete Expression Rules through Axeda Applications Web services or the Axeda® Configuration application.

12.    Extended Objects -- Only the user group privileges control a user's ability to view, create, edit, and delete extended objects through Axeda Applications Web services. For extended objects that are directly related to assets, the assignments of assets to asset groups, users to user groups, and asset groups to user groups also determine which extended objects users can see.

13.    Geofences -- Only the user group privileges control the abilities to view, create, edit, and delete geofences through Axeda Web services.

14.    Locations -- Only users with access to organizations can define locations for those organizations. Users can view locations for assets and organizations to which they have access. If a user creates an organization and a location, the user can see the organization and the location.

15.    Maintenance Items -- Maintenance Items are associated with Assets in the Platform. Creating or editing them requires you to have privileges to the assets and to the Configuration application as well as the privileges to create, view, and edit maintenance items (through user group privileges).

16.    Notifications -- Only the user group privileges control a user's ability to view, create, edit, and delete notifications.

17.    Organizations -- Users can view organizations that they have created as well as organizations associated with assets to which they have access. The user group privileges to the Configuration application, specifically to create, edit, view, and delete organizations, limit access to operations on organizations.

18.    Regions -- Users can view regions that they have created as well as regions associated with assets to which they have access. The user group privileges to the Configuration application, specifically to create, edit, view and delete regions, limit access to operations on regions.

19.    Rules (old style) -- The user group privileges control a user's ability to view, create, edit, and delete these rules. In addition, when creating (or editing) an old-style rule, users can associate the rule with models and user groups (permissions to edit and to execute). These associations also control access to the rules.

20.    Rule Timers -- Only the user group privileges control the abilities to view, create, edit, and delete rule timers through the Configuration application or through Axeda Web services.

21.    Software Management Packages and Package Deployments -- User group privileges control a user's ability to create, view, modify, publish, and delete packages. Users can associate user groups for two types of actions - to view and deploy packages and to delete packages. Users must have access to the models/assets to select them for packages.

22.    State Machines -- Only the user group privileges control the abilities to view, create, edit, and delete state machines through the Configuration application or through Axeda Web services.

23.    Systems -- Only the user group privileges control a user's ability to view, create, edit, and delete systems.

24.    Threshold Rules -- Only the user group privileges control the abilities to view, create, edit, and delete threshold rules through Axeda Web services.

25.    Usage Items -- Only the user group privileges control a user's ability to view, create, edit, and delete usage items.