An enterprise can assign different hierarchical privileges to specific users based on their actual function in the enterprise. This prevents users from performing unauthorized actions that could lead to critical functional failures.
To take these requirements into account, ThingPark Enterprise supports several administrative roles. Any user of ThingPark Enterprise must be associated with one of the following roles:
- An Administrator with full read/write (R/W) access privileges, to manage User Accounts, Domains, Service Accounts, Settings, Base Stations, Devices, Multicast Groups, Connections and the license.
- A non-Administrator user with read-only (RO) access privileges to the ThingPark Enterprise application, plus optionally:
  - R/W access for Devices, Multicast Groups, and Connections' management.
  - R/W access for Base Stations' management.
The Administrator of the ThingPark Enterprise subscription can update the roles/permissions of already-created users at any time.
The role assigned to each user determines whether they have write permission on the resources they are authorized to access, for example, to update the Device or Base Station configuration or to send administrative O&M commands to a Base Station. Without write access, users are still allowed to view these resources in read-only (viewer) mode.
Nevertheless, restricting users' access to a limited set of Devices or Base Stations is supported via administrative domains. To learn more about restricting user access through administrative domains, see Domains.
The following table compares roles and rights that can exist on a ThingPark Enterprise platform.
| Role | Devices, Multicast Groups and Connections | Base stations | Subscription (including users and domains' management) |
|---|---|---|---|
| Administrator | Full access | Full access | Full access |
| Devices and Multicast Groups Manager | Full access | Read-only | Read-only |
| Base Stations Manager | Read-only | Full access | n/a |
When domain restrictions are defined for a non-Administrator user, the roles only apply to the resources matching the domain restrictions. All other resources are not accessible at all by that user.
When a non-Administrator user is authorized to access a resource (according to their assigned domain restrictions) in read-only mode, the ThingPark Enterprise user interface deactivates all the user actions related to this resource.
Example: The ADD BASE STATION button is not displayed to a user having read-only access to Base Stations' management. Additionally, all the Operation and Maintenance buttons displayed on the Advanced tab of the base station become deactivated.