In Axeda® Connected Product Management Applications, users are individuals with login access to the Axeda Applications. These individuals must have user accounts and associated user group definitions within the directory service(s) configured for the system.
Note: For information about the directory service operations supported by Axeda Applications, refer to the topic, Support for Directory Service Operations in Axeda® Connected Product Management Applications.
Applications authentications distinguish among three types of users: non-administrative with no responsibilities for managing users and user groups, non-administrative with responsibilities for managing users and user groups, and Administrative, with complete responsibilities for the directory service and all user and user group operations. Typical users are expected to be those non-administrative users who have no responsibilities for managing users and user groups.
o The typical non-administrative user may be defined in one or more user groups and, through the privileges defined for those user groups, have access to multiple assets and the tools of the Axeda® Service application.
o The other type of non-administrative user requires the abilities to view add, modify, and delete users and/or user groups in the directory service. These users need to be members of the ServiceLinkUsers group in the primary directory service. They also need to have privileges to View the Administration application and the pages related to user, user group, and asset group activities and the privileges to view, add, edit, and delete for these pages. Granting privileges to view, add, edit, and delete asset groups also grants the privileges to view, add, edit, and delete dynamic group definitions.
Note: These users cannot create Administrative users, nor can they edit the properties of Administrative users or change non-administrative users into Administrative users.
o The Delegated Administrator user is a non-administrative user who requires the abilities to view, add, modify and delete users, user groups, and Delegated Admin Units. These users need to be members of the ServiceLinkUsers group in the Delegated Administration directory services. They also must have the Administration - View privilege as well as all the privileges to view, add, modify, and delete users, user groups, and Delegated Admin Units. They should also have privileges to view, add, modify, and delete Asset Groups.
Note: These users cannot delete the Delegated Admin Unit in which their account was created nor can they delete the user group created for their Delegated Admin Unit. Finally, they cannot remove the association between the DA Unit's User Group and the Asset Group selected as the "root" Asset Group for the DA Unit.
o Administrative users are super users in that they automatically have access to all users, user groups, privileges, assets, and asset groups, and can use all tools available in the Axeda Applications. Only Administrative users have access to the Administration application by default. In addition, only Administrative users can create models in the Platform. Any non-admin users who need to access the Administration application must be members of user groups to which the various Administration application privileges are assigned, including the "Administration - View" privilege.
The Platform Administrator needs to specify privileges and asset access for user groups. The users within these user groups then inherit those privileges. If the Platform includes Delegated Admin Units, the Delegated Administrators specify privileges and asset access for user groups within their DA Units. These DA Units start with a subset of privileges.
Users are created for Axeda Applications within the directory service or from the Administration application, Create or Edit User wizard. Note that there are restrictions to user management from Axeda® Connected Product Management Applications.
Users inherit their ability to access assets and asset groups and their privileges to perform operations on Platform objects from the user groups to which they are assigned. For information about security for objects without Delegated Administration, refer to Security for Objects in Axeda® Connected Product Management Applications and for information about security for these objects when Delegated Administration is enabled, refer to Security for Objects in Delegated Administration Units.
,