This chapter is a collection of concepts that are used in Building X apps.
The Siemens ID user account is required to access Building X apps. A user can create a new Siemens ID account after being invited to a company. During the first logging in, the new user is required to create an account in the Siemens ID Self Service Portal. After registration, the user can access My account in the Accounts app to review the available memberships and set up the notification preferences.
A company is considered the top level unit, for example Siemens, and consists of a number of partitions. A company can have multiple locations which can be modeled as campuses with multiple or standalone buildings. The membership of a user in one or more companies is required to use the Building X apps.
A Subscription is a contractual arrangement to use 1...n purchasable Building X apps. The subscription gives access to a set of apps that is tailored for a specific use case. All subscriptions give access to the three platform applications: Accounts, Devices and Data Setup.
User roles are a predefined set of permissions for a specific app. In Building X, two types of roles exist: Platform roles and app specific user roles. The three platform roles each give access to the complex functions of the platform apps Accounts, Devices and Data Setup and are tailored to a specific use case, like Application Engineer. To give access to the functions of the other applications of a subscription, the app specific user role is required. Most apps have three levels of permissions: Basic, Standard and Advanced. User roles cannot be given directly to a user, but are managed by creating User groups for each of the available user roles.
User groups grant access to a partition of a company and at the same time give the users in the user group a specific level of permissions. A user group can give access to multiple partitions but can only contain one user role. To give a user multiple user roles, the user must be added to the according user groups. For example, a user needs both the Application Engineer platform role and the Operations Manager – Advanced user role for a partition of the company. This user needs to be a member of two user groups that have these roles and give access to the same partition.
A user is a person that is a member of at least one company and has been granted access to at least one partition. A user needs an account to access any Building X app. Access can be given either by the Customer administrator of a company or by Siemens or a Third Party at Customer’s request and authorization.
A machine user is a virtual user that can perform a specific set of actions in the background. For machine users, a set of machine user roles is available. To give a machine user access to a partition, the machine user needs to be a member of a user group with the required machine user role and access to the required partition.
Partitions are logical groupings of data within a subscription of a company. Partitions allow for granular access rights on different clusters of data for the same user in the same company.
- Company ABC consists of Subscription A and Subscription B.
- Subscription A has been split into Partition A1 and Partition A2.
- Subscription B has been split into Partition B1, Partition B2 and Partition B3.
A user U1 is given membership to user groups which have advanced (read + write) role access to Partition A1 and B1, and basic (read-only) role access to Partition A2 and B2. U1 is not given access to Partition B3.
As a result, the user U1 will be able to fully view and work with data from Partition A1 and B1, only be able to view data from Partition A2 and B2 and will not be able to access data from Partition B3.
A site is a representation of the company with a real address. A site can either be a single building or a campus with multiple buildings. A company and partition can have multiple sites. If a campus is added to a partition, all buildings within that campus are part of the chosen partition.