specs/models/M_USER_ROLE

User Role

A user role determines what data in the system a user has access to and what changes they are permitted to make. The resources that each role can access is detailed in the table below.

App BuilderApplication EngineerApproverAccount OwnerWorkspace OwnerAdministratorStation SupervisorStation OperatorTulip Table SupervisorConnector SupervisorViewer (with Player Access)ViewerOperator
Settings
Update Account SettingsX
Update Workspace SettingsXX
Manage Approval TypesXX
Users
DeactivateXX
EditXX
AddXX
Assign RolesXX
Edit RolesXX
Apps
Create/RestoreXXXXXXXX
ReadXXXXXXXXXXX (Tulip and Player)X (Tulip Only)X (Player only)
UpdateXXXXXXXX
Delete/ArchiveXXXXXXXX
Approve New VersionsXXXXXXXX
Modify PermissionsXXXXXXXX
Run Apps in PlayerXXXXXXXXXXXX
Test Apps in Dev ModeXXXXXXXXX
Add ApproversXXXXX
Tables
CreateXXXX
ReadXXXXXXXXX
Update from Player
UpdateXXXX
DeleteXXXX
Machines
CreateXXXXX
ReadXXXXXXXXXX
UpdateXXXXX
DeleteXXXXX
Devices
CreateXXXXXX
ReadXXXXXXXXXX
UpdateXXXXX
DeleteXXXXX
Stations
CreateXXXXXX
ReadXXXXXXXXXX
UpdateXXXXX
DeleteXXXXX
OPC UA Connectors
CreateXXXXX
ReadXXXXXXXXXX
UpdateXXXXX
DeleteXXXXX
SQL + HTTP Connectors
CreateXXXX
ReadXXXXXXXXX
UpdateXXXX
DeleteXXXX
Analytics
CreateXXXXXXXXX
ReadXXXXXXXXXXXXX
UpdateXXXXXXXXX
DeleteXXXXXXXXX
Completions
CreateXXXXXXXXX
ReadXXXXXXXXXXXXX
Update
Delete
Player
Register a PlayerXXXXX
Camera Configuration
CreateXXXX
ReadXXXX
UpdateXXXX
DeleteXXXX
Vision Detector
CreateXXXX
ReadXXXX
UpdateXXXX
DeleteXXXX

Tests

IDName
QA-T17User Management : 09 - Login to /player using new badge ID
QA-T173SAML : 05 - Operators should not be allowed to login to Factory on SAML
QA-T260User Roles : 01 - Account Owners can add other Account Owners
QA-T261User Roles : 03 - Account Owners can edit other users' profiles
QA-T262User Roles : 02 - Account Owners can create users
QA-T263User Roles : 04 - Account Owners should be able to deactivate/reactivate users
QA-T264User Roles : 05 - Administrators should not be able to manage users
QA-T265User Roles : 06 - Tulip Table Supervisors should not be able to manage connectors
QA-T266User Roles : 07 - Tulip Table Supervisors should not be able to manage the shop floor
QA-T267User Roles : 08 - Viewers should be unable to modify data in Tulip
QA-T30809: User permissions get checked when viewing video
QA-T332LDAP Tulip Managed : 02 - Users can log in via LDAP
QA-T636Workspaces : 01 - Login with different roles
QA-T655LDAP Tulip Managed : 02 / Operators can't log into Factory via LDAP
QA-T708User Roles : 05 - Administrator role
QA-T749Workspaces : 10 / - Failing to create a new user with email registered in another workspace
QA-T750Workspaces : 11 / - Failing to run an app from another workspace
QA-T751Workspaces : 12 / - Workspace owner cannot access other workspaces

Requirements

IDRequirement
PLAT-8769 (842)Support specific number of concurrent users as defined by customer license agreements and SLAs
PLAT-8776 (34)System date and time cannot be changed by users during normal operation and production execution. Only admin with appropriate privileges can change system date and time.
PLAT-8802 (28)Provide a method for defining privileges to Master Data access and modification by role at element level. Eg. configuration of role or user group for a App or App component and what privileges they have such as view, comment, edit, approve, etc.
PLAT-8835 (47)Manage access to system administration and maintenance functions to users with appropriate privileges
PLAT-8890 (810)Provide managed authorized access to all records and electronic signatures including data, information, configurations, and data files.
PLAT-8903 (821)Ability to define access security levels for records and electronic signatures. Ie. user groups and user roles and their associated priveleges to system resources and data