User roles
To specify which features someone has access to or what actions the person can perform, you must define an appropriate user role. User roles contain a list of all the functions and actions that a person can perform.
Warning
User management is only available if it has been enabled for your user account.
Set up a new user role
To set up a new user role:
In the user menu, click on Users.
Click on the User Roles tab at the top in the action bar. On the left side you will see all existing user roles to which you have access.
Click on Add above the left sidebar. Add a name to the new user role and click on Create.
Select all functions and actions that you want to activate for this user role in the Action Rights section. By default, the rights of the previously selected user role are automatically adopted.
Click on Save at the top right. The warning “This user role is not assigned to any user.” is not relevant at the moment. This list later shows all user accounts to which this user role has been assigned.
User roles are structured hierarchically. User roles at lower levels have at most the same rights as the user roles above, but never more.
You can change the hierarchy of user roles by using drag & drop in the left sidebar. Make sure, however, that rights from the released user role are automatically deleted if they are not set in the new user role above.
Assign user roles
In order to assign a user role to a specific user, you can either add the users in the card Users, or you can go to the Users tab, select an existing user or create a new one and select the appropriate user role under User Role.
Every user can only have one user role.
Linked user roles
Linked user roles are user roles of other clients with which they can gain access to your data and are marked with a small arrow . You can use the linked user role to define which actions these users are allowed to perform within your client account.
Data point filters
If you want to restrict users on which data points they are allowed to write, you can assign data point filters to a user role.
If no data point filters are assigned, users with this particular user role can write to all data points. As soon as one or more data point filters are assigned, however, users with this user role are only allowed to write to values of data points located in these data point filters.
Identity provider
If you want to integrate users from external identity providers (such as Azure AD or ADFS), you can specify the name of the user group or user role from the external service.
When external users log in for the first time, a new user account will be created in the system, and the user groups and user role matching the name of the external user groups or user role will automatically be assigned to it.
If the external service doesn’t provide such a user role name, it will automatically be assigned the user role whose Use as Default option is checked. Only one user role can have this option checked.
Warning
If no user role has the Use as Default option checked, users will not be assigned a user role and therefore won’t be able to log in.
In addition to the user groups provided by the external service provider, new users will also automatically be added to all user groups that have the Use as Default option checked, even if they are not related to any external user group.