specs/models/M_USER_ROLE

User Role

A user role determines what data in the system a user has access to and what changes they are permitted to make. There are two broad categories of user roles:

  1. Admin roles - these users can log into the admin console and make changes according to their specific role type. The admin roles:
    • Account Owner - Has full access rights to all assets and account-level settings, and manages users
    • Administrator - Has full access rights to all assets
    • Connector Supervisor - Can build apps, and manage all connectors and connector functions
    • Station Supervisor - Can build apps, and manage all stations, machines, machine data sources, and devices
    • Tulip Tables Supervisor - Can build apps and manage all Tulip Tables
    • Application Engineer - Can build apps
    • Viewer - Can only view assets
  2. Operators - these users can log in to the Tulip Player and run Tulip apps.
AccountAppsTablesDevices/StationsMachinesConnectorsAnalysesCompletions
Update Account Settings (Update Logo, etc,)Create/Update/Delete Approval TypesDeactivate User, Update User InfoAdd UserAssign RoleEdit RoleCreateReadUpdateDeleteApprove New VersionsCreateReadUpdateDeleteCreateReadUpdateDeleteCreateReadUpdateDeleteOPC ConnectorsSQL + HTTP ConnectorsCreateReadUpdateDeleteCreateReadUpdateDelete
CreateReadUpdateDeleteCreateReadUpdateDelete
Account OwnerXXXXXXXXXXxXXXXXXXXXXXXXXXXXXXXXXXXXX
AdministratorXXXXxXXXXXXXXXXXXXXXXXXXXXXXXXX
OperatorX - On Player OnlyX- on Player OnlyXX- on Player Only
Application EngineerXXXXxXXXXXX
Station SupervisorXXXXxXXXXXXXXXXXXXXXXXX
Tulip Table SupervisorXXXXxXXXXXXXXXX
Connector SupervisorXXXXxXXXXXXXXXXXXXX
ViewerXXXXXXXX
Viewer w/ Player AccessX (Tulip + Player)XXXXXXXX

Tests

IDName
QA-T17User Management : 09 - Login to /player using new badge ID
QA-T173SAML : 05 - Operators should not be allowed to login to Factory on SAML
QA-T177SAML : 08 - Operators whose role changes to Administrator in SAML should be promoted to Administrator in Tulip
QA-T178SAML : 07 - Administrators whose role changes to Operator in SAML should be demoted to Operator in Tulip
QA-T260User Roles : 01 - Account Owners can add other Account Owners
QA-T261User Roles : 03 - Account Owners can edit other users' profiles
QA-T262User Roles : 02 - Account Owners can create users
QA-T263User Roles : 04 - Account Owners should be able to deactivate/reactivate users
QA-T264User Roles : 05 - Administrators should not be able to manage users
QA-T265User Roles : 06 - Tulip Table Supervisors should not be able to manage connectors
QA-T266User Roles : 07 - Tulip Table Supervisors should not be able to manage the shop floor
QA-T267User Roles : 08 - Viewers should be unable to modify data in Tulip
QA-T332LDAP Tulip Managed : 02 - Users can log in via LDAP