User groups provide a way of organizing users defined in the primary directory service for this Axeda® Platform, and for defining specific application privileges for a select group of users. The user groups may first be created in the directory service or created from the Axeda® Administration application, New menu -> User Group. Note that there are restrictions to user and user group management from Axeda® Connected Product Management Applications.
From the Administration application, administrators can create and remove user groups (if supported by your directory service). Displayed user groups are those defined in the directory service, ServiceLinkUsers group, and available for configuration within the Axeda Applications. Creating and configuring a user group in the directory service makes that group available for the Axeda Applications. If supported by your directory service, you can delete a user group from the Administration application; once you delete it in the application, that user group will no longer appear for use in the Applications and will be removed from the directory service as well.
Before attempting to add user groups, make sure that you have planned for them. Axeda strongly recommends that you have user groups for privileges to the Applications and user groups for access to assets. Although you can combine applications privileges and asset group security in the same user group, Axeda strongly recommends that you keep them separate. This separation allows for easy maintenance as your user population and the assets you manage with Axeda Platform change. You'll need to map out your users, their job responsibilities, the assets for which they are responsible, the application pages and tools they'll require to do their jobs, and finally the user groups to which you will assign them. You should assign each user to one Privilege-based user group and to one Asset-security-based user group; these group types are defined as follows:
o Privilege-based user groups - These user groups are based on privileges to the Axeda Applications; that is, who are the users and which privileges do they need to do their jobs?
o Asset security-based user groups - These user groups are based on asset security; that is, who are the users and to which assets do they need access to do their jobs? The users who are members of a user group have access to all assets that are members of Asset Groups assigned to their user group.
Once you have created the user groups, you can assign each user to one privilege-based user group and one asset security-based user group, according to their jobs.
IMPORTANT! Although the Platform allows it, do NOT nest user groups. If you want to do this, please contact Axeda Technical Support before you try it.
Managing user groups for Axeda Applications involves viewing and editing user group properties and (if appropriate) removing user groups from the Applications. If a user group is removed in error, it needs to be recreated in the Administration application.
Note:
At least two groups must be created in the primary directory service for
Axeda Applications: ServiceLinkAdmins and ServiceLinkUsers. In addition,
for a Sun ONE LDAP server used for the primary directory service for Axeda
Applications, the ServiceLinkLdapAdmins group should also be created.
(If your configuration has different naming requirements, you need to
change the configurations in the Axeda Applications and in the directory
service as required. Refer to the installation guide for your Axeda® Enterprise Server.
Absolutely all individuals who need access to the Axeda Applications need
to be defined in the ServiceLinkUsers group. In addition, any users who
need administrative access to the Applications must be included in the
ServiceLinkAdmins group.
For information about security for objects in the Platform, refer to Security for Objects in Axeda® Connected Product Management Applications and for information about security for these objects when Delegated Administration is enabled, refer to Security for Objects in Delegated Administration Units.