In this article, we will learn how to set up new roles and security permissions.
NOTE: This is accessible to admins only. Please contact an admin on your account to have them set this up. This article also presupposes a basic setup for users and general roles have already been established.
ROLE: A grouping that contains users and the security permissions they have.
SECURITY: Permissions that are given to roles, eg. who can see what, and what access to functions they will will be given.
First, we need to know what our access and security needs are, and who will get said access. Let's start out with creating a role which will be assigned to users. Start by clicking the Admin Wrench and changing the drop down to "Roles".
Click "Add Role" to the right. Here, we will set up who goes into the role, and what security, or access, they have to the site. The General tab will let us name the Role, as well as give it a description. It's important to be as descriptive as possible, so that other admins (and eLynx support) will know exactly what this role is used for when troubleshooting or adding users. Click Next when done.
Here, we will add users. If you don't have any you want to assign, you can skip this step. Hit Next after you're finished.
Here, we have three options:
1) Do not assign- If you don't want to give any security permissions, select this and Save.
2) Assign simple permissions- This will let you assign basic permissions. If your organization doesn't need to restrict users by group or device, use this option. Basic users will usually get read-only access, while higher level users can be give admin access (note: administrative access should only be granted to individuals who are very familiar with the system as these permissions allow for unrestricted changes.)
3) Assign advanced- This is for organizations that need to restrict users to certain groups or devices. This is more involved, and where the rest of the article will continue.
This page is where will assign the specific permissions used on your page.
1) Group: Select the group in which you'd like to work. It's advisable to select this first, as creating security permissions in the wrong group will supersede any security permissions given to groups nested further down the tree.
EX: If I create a security group in the parent "Acme Oil and Gas", then the user will be able to see EVERYTHING in that group, including subgroups. If you want to restrict them to a group nested further down, select that before continuing. NOTE: This is a very crucial step.
For example, here I've gone down to the "CompressorStation" group, where I will make my restrictions. As you can see, there are 5 devices within that group.
Next, we can select how to restrict the permissions used in this group. Our options are Group, Device, Tag Type, and Well.
Group- This is used to restrict how a user can interface with the group. This is the most common and preferred way to use the security permissions. The reason is, if a group is how you want to direct security, then all you will need to do is add and remove devices in this grouping. NOTE: If you choose to restrict by device, then you will need to be sure to change that option each time a user or device is added. If you chose to restrict by group, then the security options will already be configured as you add and remove users and devices.
Device- This is used to restrict by device. This option isn't the preferred method, as you will need to add each one individually. If you put the devices you want in a group, then the security options will encompass everything there. This is really only used if you have an excess of grouping in your hierarchy and don't want to add another just for the purposes of limiting a handful of users to a select few devices.
Tag Type- This is used to restrict viewing or changing on a tag by tag basis, ex. you only want a user to see flow and pressure on a site or sites, and not the gas analysis. You will need to know the exact Tag Type, which can be found under Device Details>"Select tag">Properties>Tag Type.
Well Permissions- This will restrict the grouping to only the selected wells.
After we've decided how to restrict the security options (in this example I'm giving them view only access to the group, but the steps to restrict by device, tag type, and well are the same) Note: you can click "View/Modify/etc" at the top of the column to select all of the options below.
Click the arrow at the top right to assign the options to a security profile or individual users.
For this example, we're going to use the "Test Role" role we created earlier. Note that we can also restrict by users.
Click OK, and then Save. We have now restricted anyone within the Testing Role to view only the objects in the "CompressorStation" group.
If you'd like to make any changes to either the Role or the Security Permissions, you can click the pencil next to the name and make any changes you'd like.
Also, as you can see under Role Admin, you can click Membership and Security to see a quick view of who is in the Role (none are assigned here) and under Security you can see what group they are restricted to and what restrictions they have.