Each user in Edge2Cloud has a set of roles. Roles define what a user can and cannot do.
When assigning roles, think about what the user will need to do and what part of the Desigo Optic ecosystem they will oversee.
Will your user work at an organizational level or below that? e.g., at the level of users or devices.
If your user will work with more than one category (e.g, both users and devices), you may need to assign them more than one role.
What will they need to do with those assets? Will they only view information about what they oversee, or will they also need the ability to edit and delete? Are there any special tasks they must perform, such as configuring user access, single sign on, or platform settings?
To follow best security practices, assign users the access level that will allow them to complete their job without unneeded privileges. Reference the role tables in the appendix as a quick guide for complete and concise role assignment.
Before delving into specific roles, remembering the general meaning of the following labels may prove helpful:
- Managers can only register what they oversee.
- Operators can view every instance of what they oversee.
- Admin can view, edit and delete the information regarding what they oversee.
- Remote Roles that apply to users who access Desigo Optic remotely. Applied to the roles of operator, administrator, and super user.
Device Manager | Can register new devices with Edge2Cloud. See Device registration for more information. |
Device Op | Can view all device, project, and site information that belongs to an organization. |
Device Admin | Can view, edit, and delete information about devices, projects, and sites in an organization. |
Remote Op | Can: Remotely access site and projects. Remotely view and edit system model components in Desigo Optic, such as set points and graphics. Remotely view project stats in-real-time. |
Remote Admin | Can remotely view, edit, and delete devices and user information. |
Remote Super User | Can remotely make edits at the system level using administrative access. For example, configuring single sign on for a device, licensing a server, manually synchronizing Desigo Optic with Edge2Cloud, or viewing and configuring the Cloud app. Super users act as a hands-on expert and public ambassador for a system. They conduct training, answer user questions, and maintain a working knowledge of the system in every aspect. |
User Op | Can view all users in an organization. Can view the organization's audit log. |
User Admin | Can view, edit, and delete users and user roles in an organization. Can view the organization's audit log |
Organization Op | Can view all sub-organizations associated with an organization. |
Organization Admin | Can edit details about this organization. If the organization is a Distribution Partner or a System Integrator, the organization admin can add new sub-organizations. |