Teams allow you to define different consultation rights for users. Roles allow or block access to features for certain users. We recommend that only one person be authorized to ensure consistency between the different sites.
Take for example the director of a company wishing to deploy Ermeo on different sites. Among its needs, it must be able to manage the users of each site. It must therefore classify these users.
We will now create roles based on this example.
- Go to Users and choose Roles.
- Click on New role.
- Name the new role.
After having clicked on "Modify the role", define the permissions on the Platform and on the App then save.
Now that the roles have been created, we will create the teams.
An admin team (that of our director) will have access to the entire platform,
- Click on teams in the Users tab.
- Create 2 teams. Name the first North team, and the second South team.
- Add members to these teams.
- In the Access rights tab for each team: decide on consultation rights by giving full or restricted access to the data in the space by adding criteria on all the resources (documents, database, users, interventions, reports and asset attributes).
If no rights are created for one of the asset, the user(s) of this team will have no access. This is why it is important to think about putting rights on all the data as soon as a team is created.
Prerequisite: Create a North Engines database
For example, for the North team we will add a condition that says if the Database is North engine, then the North team is allowed to read and write to asset.
For this :
- Click on the North team
- Go to the Access rights tab of this team
- Click on Edit
- Under assets, click on Add restrictions
- Add the condition "Database is North Engines"
- Save the condition
Your restricted access is now created.
Do not change your own roles and / or Teams, at the risk of no longer being able to access the functionalities of the Platform.
It's almost finished, last step:
- Create a New user (in the Users tab)
- Fill in the different fields.
- Make sure that the user has a role and one or more teams (an admin is generally in several teams in order to see all the data).
- Assign a license (without a license, the user can connect but the page will be empty)
- Create user attributes and fill in values.
- Click on create user (be careful, a user cannot be deleted).
To assign or unassign several licenses at the same time, on the list of users check the users and click the unassign a license icon.
To go further, we have seen how to create a right to consult resources (see part 2). We will add an "and" condition to this consultation right:
- In teams, click on modify the team for the North team
- Modify the consultation right created previously on the resources
- Add an "And" type condition (by clicking on the +) in the consultation right already created. For example, if the Database is North Motors and if the Power attribute is greater than or equal to "400", then the North team is authorized to read and write to the resources.
For a condition of type "or", you just need to Add a condition, but on all the existing rights (button at the bottom of the rights)
You can now move on to the next exercise.