A user role determines what data in the system a user has access to and what changes they are permitted to make. The resources that each role can access are detailed in the table below.

| | App Builder | Application Engineer | Approver | Account Owner | Workspace Owner | Administrator | Station Supervisor | Station Operator | Tulip Table Supervisor | Connector Supervisor | Viewer (with Player Access) | Viewer | Operator |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Settings | |||||||||||||
| Update Account Settings | X | ||||||||||||
| Update Workspace Settings | X | X | |||||||||||
| Manage Approval Types | X | X | |||||||||||
| Users | |||||||||||||
| Deactivate | X | X | |||||||||||
| Edit | X | X | |||||||||||
| Add | X | X | |||||||||||
| Assign Roles | X | X | |||||||||||
| Edit Roles | X | X | |||||||||||
| Apps | |||||||||||||
| Create/Restore | X | X | X | X | X | X | X | X | |||||
| Read | X | X | X | X | X | X | X | X | X | X | X (Tulip and Player) | X (Tulip Only) | X (Player only) |
| Update | X | X | X | X | X | X | X | X | |||||
| Delete/Archive | X | X | X | X | X | X | X | X | |||||
| Approve New Versions | X | X | X | X | X | X | X | X | |||||
| Modify Permissions | X | X | X | X | X | X | X | X | |||||
| Run Apps in Player | X | X | X | X | X | X | X | X | X | X | X | X | |
| Test Apps in Dev Mode | X | X | X | X | X | X | X | X | X | ||||
| Add Approvers | X | X | X | X | X | ||||||||
| Tables | |||||||||||||
| Create | X | X | X | X | |||||||||
| Read | X | X | X | X | X | X | X | X | X | ||||
| Update from Player | |||||||||||||
| Update | X | X | X | X | |||||||||
| Delete | X | X | X | X | |||||||||
| Machines | |||||||||||||
| Create | X | X | X | X | X | ||||||||
| Read | X | X | X | X | X | X | X | X | X | X | |||
| Update | X | X | X | X | X | ||||||||
| Delete | X | X | X | X | X | ||||||||
| Devices | |||||||||||||
| Create | X | X | X | X | X | X | |||||||
| Read | X | X | X | X | X | X | X | X | X | X | |||
| Update | X | X | X | X | X | ||||||||
| Delete | X | X | X | X | X | ||||||||
| Stations | |||||||||||||
| Create | X | X | X | X | X | X | |||||||
| Read | X | X | X | X | X | X | X | X | X | X | |||
| Update | X | X | X | X | X | ||||||||
| Delete | X | X | X | X | X | ||||||||
| OPC UA Connectors | |||||||||||||
| Create | X | X | X | X | X | ||||||||
| Read | X | X | X | X | X | X | X | X | X | X | |||
| Update | X | X | X | X | X | ||||||||
| Delete | X | X | X | X | X | ||||||||
| SQL + HTTP Connectors | |||||||||||||
| Create | X | X | X | X | |||||||||
| Read | X | X | X | X | X | X | X | X | X | ||||
| Update | X | X | X | X | |||||||||
| Delete | X | X | X | X | |||||||||
| Analytics | |||||||||||||
| Create | X | X | X | X | X | X | X | X | X | ||||
| Read | X | X | X | X | X | X | X | X | X | X | X | X | X |
| Update | X | X | X | X | X | X | X | X | X | ||||
| Delete | X | X | X | X | X | X | X | X | X | ||||
| Completions | |||||||||||||
| Create | X | X | X | X | X | X | X | X | X | ||||
| Read | X | X | X | X | X | X | X | X | X | X | X | X | X |
| Update | |||||||||||||
| Delete | |||||||||||||
| Player | |||||||||||||
| Register a Player | X | X | X | X | X | ||||||||
| Camera Configuration | |||||||||||||
| Create | X | X | X | X | |||||||||
| Read | X | X | X | X | |||||||||
| Update | X | X | X | X | |||||||||
| Delete | X | X | X | X | |||||||||
| Vision Detector | |||||||||||||
| Create | X | X | X | X | |||||||||
| Read | X | X | X | X | |||||||||
| Update | X | X | X | X | |||||||||
| Delete | X | X | X | X |

| ID | Name |
|---|---|
| QA-T17 | User Management : 09 - Login to /player using new badge ID |
| QA-T173 | SAML : 05 - Operators should not be allowed to login to Factory on SAML |
| QA-T177 | SAML : 08 - Operators whose role changes to Administrator in SAML should be promoted to Administrator in Tulip |
| QA-T178 | SAML : 07 - Administrators whose role changes to Operator in SAML should be demoted to Operator in Tulip |
| QA-T260 | User Roles : 01 - Account Owners can add other Account Owners |
| QA-T261 | User Roles : 03 - Account Owners can edit other users' profiles |
| QA-T262 | User Roles : 02 - Account Owners can create users |
| QA-T263 | User Roles : 04 - Account Owners should be able to deactivate/reactivate users |
| QA-T264 | User Roles : 05 - Administrators should not be able to manage users |
| QA-T265 | User Roles : 06 - Tulip Table Supervisors should not be able to manage connectors |
| QA-T266 | User Roles : 07 - Tulip Table Supervisors should not be able to manage the shop floor |
| QA-T267 | User Roles : 08 - Viewers should be unable to modify data in Tulip |
| QA-T308 | 09: User permissions get checked when viewing video |
| QA-T332 | LDAP Tulip Managed : 02 - Users can log in via LDAP |
| QA-T636 | Workspaces : 01 - Login with different roles |
| QA-T655 | LDAP Tulip Managed : 02 / Operators can't log into Factory via LDAP |

| ID | Requirement |
|---|---|
| 28 | Provide a method for defining privileges to Master Data access and modification by role at element level, e.g. configuration of a role or user group for an App or App component and what privileges they have, such as view, comment, edit, approve, etc. |
| 34 | System date and time cannot be changed by users during normal operation and production execution. Only admin with appropriate privileges can change system date and time. |
| 47 | Manage access to system administration and maintenance functions to users with appropriate privileges |
| 810 | Provide managed authorized access to all records and electronic signatures including data, information, configurations, and data files. |
| 821 | Ability to define access security levels for records and electronic signatures, i.e. user groups and user roles and their associated privileges to system resources and data. |
| 842 | Support specific number of concurrent users as defined by customer license agreements and SLAs |