specs/models/M_USER_ROLE

User Role

A user role determines what data in the system a user has access to and what changes they are permitted to make. The resources that each role can access are detailed in the table below.

App Builder | Application Engineer | Approver | Account Owner | Workspace Owner | Administrator | Station Supervisor | Station Operator | Tulip Table Supervisor | Connector Supervisor | Viewer (with Player Access) | Viewer | Operator
Settings
Update Account SettingsX
Update Workspace SettingsXX
Manage Approval TypesXX
Users
DeactivateXX
EditXX
AddXX
Assign RolesXX
Edit RolesXX
Apps
Create/RestoreXXXXXXXX
ReadXXXXXXXXXXX (Tulip and Player)X (Tulip Only)X (Player only)
UpdateXXXXXXXX
Delete/ArchiveXXXXXXXX
Approve New VersionsXXXXXXXX
Modify PermissionsXXXXXXXX
Run Apps in PlayerXXXXXXXXXXXX
Test Apps in Dev ModeXXXXXXXXX
Add ApproversXXXXX
Tables
CreateXXXX
ReadXXXXXXXXX
Update from Player
UpdateXXXX
DeleteXXXX
Machines
CreateXXXXX
ReadXXXXXXXXXX
UpdateXXXXX
DeleteXXXXX
Devices
CreateXXXXXX
ReadXXXXXXXXXX
UpdateXXXXX
DeleteXXXXX
Stations
CreateXXXXXX
ReadXXXXXXXXXX
UpdateXXXXX
DeleteXXXXX
OPC UA Connectors
CreateXXXXX
ReadXXXXXXXXXX
UpdateXXXXX
DeleteXXXXX
SQL + HTTP Connectors
CreateXXXX
ReadXXXXXXXXX
UpdateXXXX
DeleteXXXX
Analytics
CreateXXXXXXXXX
ReadXXXXXXXXXXXXX
UpdateXXXXXXXXX
DeleteXXXXXXXXX
Completions
CreateXXXXXXXXX
ReadXXXXXXXXXXXXX
Update
Delete
Player
Register a PlayerXXXXX
Camera Configuration
CreateXXXX
ReadXXXX
UpdateXXXX
DeleteXXXX
Vision Detector
CreateXXXX
ReadXXXX
UpdateXXXX
DeleteXXXX

Tests

ID | Name
QA-T17 | User Management : 09 - Login to /player using new badge ID
QA-T173 | SAML : 05 - Operators should not be allowed to login to Factory on SAML
QA-T177 | SAML : 08 - Operators whose role changes to Administrator in SAML should be promoted to Administrator in Tulip
QA-T178 | SAML : 07 - Administrators whose role changes to Operator in SAML should be demoted to Operator in Tulip
QA-T260 | User Roles : 01 - Account Owners can add other Account Owners
QA-T261 | User Roles : 03 - Account Owners can edit other users' profiles
QA-T262 | User Roles : 02 - Account Owners can create users
QA-T263 | User Roles : 04 - Account Owners should be able to deactivate/reactivate users
QA-T264 | User Roles : 05 - Administrators should not be able to manage users
QA-T265 | User Roles : 06 - Tulip Table Supervisors should not be able to manage connectors
QA-T266 | User Roles : 07 - Tulip Table Supervisors should not be able to manage the shop floor
QA-T267 | User Roles : 08 - Viewers should be unable to modify data in Tulip
QA-T308 | 09: User permissions get checked when viewing video
QA-T332 | LDAP Tulip Managed : 02 - Users can log in via LDAP
QA-T636 | Workspaces : 01 - Login with different roles
QA-T655 | LDAP Tulip Managed : 02 / Operators can't log into Factory via LDAP

Requirements

ID | Requirement
28 | Provide a method for defining privileges to Master Data access and modification by role at element level, e.g. configuration of a role or user group for an App or App component and what privileges they have, such as view, comment, edit, approve, etc.
34 | System date and time cannot be changed by users during normal operation and production execution. Only an admin with appropriate privileges can change system date and time.
47 | Manage access to system administration and maintenance functions to users with appropriate privileges.
810 | Provide managed authorized access to all records and electronic signatures including data, information, configurations, and data files.
821 | Ability to define access security levels for records and electronic signatures, i.e. user groups and user roles and their associated privileges to system resources and data.
842 | Support specific number of concurrent users as defined by customer license agreements and SLAs.