Product Features
...
System
Access Control

Users

9min

The Users pane allows you to create and manage user access in Manufacturing Connect Edge.

Relationship of Roles, Groups, and Users

Manufacturing Connect Edge incorporates a Role-based access control (RBAC) to customize user permission settings in the form of three distinct components.

  • Roles: Each role has a collection of customizable permissions. Roles are added to groups and determine the permissions groups have. See Role Permissions for details.
  • Groups: A group is made up of one or more roles. The roles in a group determine the permissions for the group.
  • Users: Accounts that will be assigned to groups. The one or more groups a user is assigned to determines the roles and permissions the user has.

Working together, a Role determines the permission settings a Group will have. A Group will contain one or more roles that determines its permissions. A User will be assigned to a Group where it will have access to Manufacturing Connect Edge based on the the Group's one or more Roles.

Important: The following properties should be kept in mind when adding/editing Roles/Groups/Users.

  • A group can receive more than one role (and their respective permission settings) to a resource.
  • A user can be assigned to multiple groups.
  • If a user is not assigned to at least one group, they will not be able to log in to Manufacturing Connect Edge.
  • In the case of conflicting permission settings: As long as there is at least one role or group with permissions to a resource, regardless of how many other roles/groups that don't have it, users will receive that resource.
Visual representation of roles, groups, and users
Visual representation of roles, groups, and users


Default Roles, Groups, and Users

By default, the following user management items are provisioned that can't be deleted.

Roles

  • Administrator
  • Viewer

Groups

  • Administrators
  • Viewers

User

  • admin

The system ensures that at least one user has the appropriate administrative permissions to manage roles, groups, and users.

Default User Permissions

By default, every user has the permission to accept the Manufacturing Connect Edge end-user license (EULA) when logging in the first time. Users can also access their user profile to view their current user permissions and change their password. See Manage Your User Profile for details.

Learn more about Role Permissions.

Backup Files and Templates

All role, group, and user configurations are included in backup files. See Backup/Restore and Backup File Contents and File Management for more information.

In template files, only authentication providers are included in template configurations. If you apply a template to a new edge device, you will need to map LDAP groups manually. See Manage LDAP Providers for more information.

Legacy User Migration

For Manufacturing Connect Edge instances on version 3.2 and earlier, there were three possible roles: Observer, Developer, and Administrator. When you upgrade to version 3.3 or later:

  • Any Administrator role is automatically provisioned to the Administrators group with the group's respective permissions.
  • Observer and Developer roles are automatically provisioned to the Viewers group with the group's respective permissions.

Access Users UI

Note: You must have the appropriate permissions to manage roles, groups, and users. By default, the first user (admin user) provisioned in Manufacturing Connect Edge has these user permissions.

From the Litmus Edge navigation panel, navigate to System > Access Control. The Users pane appears.

Document image


Next Steps