specs/models/M_USER_ROLE

User Role

A user role determines what data in the system a user has access to and what changes they are permitted to make. There are two broad categories of user roles:

  1. Admin roles - these users can log into the admin console and make changes according to their specific role type. The admin roles:
    • Account Owner - Has full access rights to all assets and account-level settings, and manages users
    • Administrator - Has full access rights to all assets
    • Connector Supervisor - Can build apps, and manage all connectors and connector functions
    • Station Supervisor - Can build apps, and manage all stations, machines, machine data sources, and devices
    • Tulip Tables Supervisor - Can build apps and manage all Tulip Tables
    • Application Engineer - Can build apps
    • Viewer - Can only view assets
  2. Operators - these users can log in to the Tulip Player and run Tulip apps.
AccountAppsTablesStationsDisplay DevicesMachinesConnectorsAnalysesCompletions
Update Account Settings (Update Logo, etc,)Create/Update/Delete Approval TypesDeactivate User, Update User InfoAdd UserAssign RoleEdit RoleCreateReadUpdateDeactivateApprove New VersionsCreateReadUpdateDeactivateCreateReadUpdateDeleteCreateReadUpdateDeleteCreateReadUpdateDeleteOPC ConnectorsSQL + HTTP ConnectorsCreateReadUpdateDeleteCreateReadUpdateDelete
CreateReadUpdateDeactivateCreateReadUpdateDeactivate
Account OwnerXXXXXXXXXXxXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AdministratorXXXXxXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
OperatorX - On Player OnlyX - with Sharable LinkX- on Player OnlyXX- on Player Only
Application EngineerXXXXxX - with Sharable LinkXXXXXX
Station SupervisorXXXXxXXXXXXXXXXXXXXXXXXXXXX
Tulip Table SupervisorXXXXxXXXXX - with Sharable LinkXXXXXX
Connector SupervisorXXXXxX - with Sharable LinkXXXXXXXXXXXXXX
ViewerXXXX - with Sharable LinkXXXXXX
Viewer w/ Player AccessX (Tulip + Player)XXXXXXXXXX

Tests

IDName
QA-T17User Management : 09 - Login to /player using new badge ID
QA-T173SAML : 05 - Operators should not be allowed to login to Factory on SAML
QA-T177SAML : 08 - Operators whose role changes to Administrator in SAML should be promoted to Administrator in Tulip
QA-T178SAML : 07 - Administrators whose role changes to Operator in SAML should be demoted to Operator in Tulip
QA-T260User Roles : 01 - Account Owners can add other Account Owners
QA-T261User Roles : 03 - Account Owners can edit other users' profiles
QA-T262User Roles : 02 - Account Owners can create users
QA-T263User Roles : 04 - Account Owners should be able to deactivate/reactivate users
QA-T264User Roles : 05 - Administrators should not be able to manage users
QA-T265User Roles : 06 - Tulip Table Supervisors should not be able to manage connectors
QA-T266User Roles : 07 - Tulip Table Supervisors should not be able to manage the shop floor
QA-T267User Roles : 08 - Viewers should be unable to modify data in Tulip
QA-T332LDAP Tulip Managed : 02 - Users can log in via LDAP

Requirements

IDRequirement
28Provide a method for defining privileges to Master Data access and modification by role at element level. Eg. configuration of role or user group for a App or App component and what privileges they have such as view, comment, edit, approve, etc.
34System date and time cannot be changed by users during normal operation and production execution. Only admin with appropriate privileges can change system date and time.
47Manage access to system administration and maintenance functions to users with appropriate privileges
810Provide managed authorized access to all records and electronic signatures including data, information, configurations, and data files.
821Ability to define access security levels for records and electronic signatures. Ie. user groups and user roles and their associated priveleges to system resources and data
842Support specific number of concurrent users as defined by customer license agreements and SLAs