First released in version: 3.2 Last updated in version: 3.7

Users and roles

Use the Users and roles workspace to create and manage roles and their associated permissions, and to associate users, groups and email addresses with them. For a detailed explanation of users and roles in SmartSpace, see Users and roles in the Smart Workers section of the website.

With the licensing of the Visibility component, authorized users can manage users and roles using the browser-based Roles screen in SmartSpace Web.

The Users and roles workspace

The Users and roles workspace is a configuration interface for creating roles, adding members to those roles and assigning the searches, editable properties and views visible to the members of a role.

Click on USERS / ROLES to display the workspace.

screen shot of users and roles workspace

The workspace is divided into three main areas which are described in the following sections:

Working with users and roles

Adding a New Role

To add a new role in the Users and roles workspace:

  1. Double-click <Create new role>.

screen shot showing opening the create new role dialog

  1. Give the role a name and click Create. The new role is added to the list of existing roles.

Default Roles

SmartSpace is supplied with the following roles which control access to different parts of SmartSpace Web:

  • System.Operator: members of the System.Operator role can access the Tag and Battery Status screen and the Sensor Status screen.
  • System.Manager: members of the System.Manager role can access the Roles screen and the Shifts screen.
  • Ubisense.SmartSpace.Administrator: if Reports engine developer is licensed, members of the Ubisense.SmartSpace.Administrator role can view all reports and create and edit new ones.

These roles are nested: System.Manager is a member of System.Operator; and Ubisense.SmartSpace.Administrator is a member of System.Manager. This means that the permissions are inherited so that by default the different roles can access screens in SmartSpace Web as follows:

  Report Creation HMI Creation Roles Shifts Tags Sensors
System.Operator

 

 

 

 

System.Manager

 

 

Ubisense.SmartSpace.Administrator

From SmartSpace 3.7, additional default roles are available that enable finer control of access to different parts of SmartSpace Web including the Automated tag association feature from Location rules. These new permissions do not change the System.Operator, System.Manager and Ubisense.SmartSpace.Administrator roles. The additional roles are organized as follows:

Role   Has members... Allows you to...
System.Web.AssociationAdmin System.Operator
System.Web.AssociationViewer System.Web.AssociationAdmin View the Association screen in SmartSpace Web
System.Web.HMIAdmin Ubisense.SmartSpace.Administrator Create HMIs, and add roles to control access
System.Web.ReportAdmin Ubisense.SmartSpace.Administrator Create reports and their constituent parts, add roles to reports
System.Web.RolesAdmin System.Manager
  • View roles

  • Create and manage roles, assign searches and screens, add members

System.Web.RolesViewer System.Web.RolesAdmin View roles
System.Web.SensorsAdmin System.Operator
  • View the status of sensors

  • Reboot, swap, (de)activate, and add comments to, sensors

System.Web.SensorsViewer System.Web.SensorsAdmin View the status of sensors
System.Web.ShiftsAdmin System.Manager
  • View shifts, shift patterns, and overrides

  • Create shifts, shift patterns and add overrides

System.Web.ShiftsViewer System.Web.ShiftsAdmin View shifts, shift patterns, and overrides
System.Web.TagsAdmin System.Operator
  • View the Tags screen in SmartSpace Web

  • Change tag types and update tag battery status

System.Web.TagsViewer System.Web.TagsAdmin View the Tags screen in SmartSpace Web

Adding Users, Groups, Roles and Email Addresses to a Role

To add groups from a connected directory service, ensure that you have first configured a connection as described in Directory services.

To add a new user, group or role to a role, select the role and then double-click <Add a new member>.

screen shot showing how to add a new user to a role

You can only select the Send notification emails and Display notifications on map check boxes if you are adding a group to the role.

This is the expected behavior.

Notifications are generated when you use the Notify action in the Business rules engine.

Notify accepts several different inputs:

  • Named user
  • Email address
  • Group name

For the first two, notify generates a web map popup or an email notification respectively. It’s obvious what is being requested at the rules engine level because of the type of input.

Groups, however, could contain both users and email addresses, so you have to tell the system if you want one or both (maps notifications and emails) explicitly. Otherwise you run the risk of sending alert emails to everyone in an active directory group when all you wanted was popups on the web map.

Managing Roles and Members

Editing the membership of roles is a matter of adding new members in the same way as described in Adding Users, Groups, Roles and Email Addresses to a Role. You can delete existing members by selecting them in the members list and pressing Delete.

Roles can be added as described in Adding a New Role or removed by selecting them in the roles list and pressing Delete.

Access Control Management

Access control for roles determines what users are allowed to see and do with features of the SmartSpace web, including which searches they can see, which properties they can edit, and which views are used to return located objects to the web map.

Adding searches to roles

You can add searches in different combinations to the roles that you have configured. To add searches that have been defined in the Web searches workspace (see Configuring web searches), drag them into the Search list owned by the currently selected role.

screen shot showing how to drag a search from the list of searches into the list of searches permitted for a role

Making properties editable by roles

You can define how users interact with the value in a property by assigning editable properties to one or more roles. All other properties returned by a search or on web form will be view only. To define how a role can interact with a property, select the role from the Role list and double-click the name of a property.

Depending on the type of access you wish to give the role, enter the required information and click Update to save the details.

Adding views to roles

You can define regions of your site that can be viewed by the different roles you have configured. You use areas of your site that have been defined using the Cells workspace (see Cells for further information) and these are displayed in the list of views. To configure views, drag them into the Views list of the currently selected role.

screen shot showing list of available views and the views asssigned to a role