Usage rights
Teams and users
Usage rights are assigned to teams and users. A team is a group of multiple users. The purpose of teams is to distribute similar usage rights to multiple users in the same location or with the same role efficiently. The recommendation is to distribute usage rights through teams whenever possible.
Read more: Teams
Lue lisää: Teams
When providing usge rights, it needs to be defined:
To which target the usage right is granted
The level of the usage rights
Targets of the usage rights
In NSnappy service, usage rights are distributed to the targets listed below. Usage rights are inherited in the hierarchy of the targets to lower levels, i.e., to the targets included in the target. The inheritance of rights is explained in more detail below and is also illustrated by the following diagram.
Usage rights and their inheritance
Service
When new users are created to NSnappy, they are created for a client. Customer service and so-called client admins can create new users. When a new user is created, they only receive login rights to the customer they were created for. Separate usage rights to the customer's targets, such as sites or blocks, must be granted to the new user.
Client
As mentioned in the previous section, a user is created for a specific client, granting the user only the login rights to that client account. Other usage rights must be separately assigned to the user for sites, blocks, etc. Creating a user does not grant any actual usage rights to the user, only a login to the client itself. A user can be given the so-called client admin rights, allowing the user to create new users for that client account and maintain the entire customer account. The admin rights granted to the client account are inherited to all of the customer's sites and targets. Typically, when creating a new client account, client administrator rights are given at least to one user.
A user can have access to multiple customer accounts. If a user needs access to multiple client accounts, this must be requested from customer service.
Site
The usage rights granted to the site are inherited to all blocks and control points of the site. If users are given admin rights to the site, they become so-called site admins. Site admins can view and edit all targets of the site, and can also, for example, create new blocks and control points for the site.
Block
Usage rights granted for a block inherits to all control points of the block.
Control point
Usage rights granted to a control block apply only for the specific control point and channels included to the control point. Usage rigts granted for a control point don’t inherit to other targets.
Warehouse
Usage rights granted to a warehouse inherit to all measurement devices which home warehouse is set to the specific warehouse. Client admin gets automatically full usage rights to all warehouses of the client account. Full usage rights are needed only when installing measurement devices or when editing settings of the measurement devices.
The level of the usage rights
When granting usage rights, it’s defined the level of the usage rights which user gets to the target (and to the targets inside of it). The level of the usage rights can also be modified later on.
The table below explains the different levels of the usage rights.
Icon | Level of the usage rights | Which usage rights are granted? |
|---|---|---|
 | Viewing permission | Grants rights to see the target in the service and in the reports. In reporting, user see only the information of those targets the user is having viewing permission. Viewing permission to a warehouse grants rights to use the measurement devices of the warehouse, e.g. NSnappy Sense for sample measurements. |
 | Report admin permisson | Grants rights to create, edit and delete report template, i.e. report admin rights. This level of usage rights is always granted for the whole client account and it grants rights to admin all reports of the client. |
 | Document admin permission | Grants rights to create, edit and delete documents, i.e. document admin permissions. |
 | Notification message reception | Grants rights to receive notification messages. |
 | Notification acknowledgement permission | Grants rights to acknowledge notifications, such as warnings and alerts. |
 | Task execution permission | Grants rights to execute tasks. |
 | Admin permission | Grants admin rights, which means all level of usage rights for the target. |
Rights to grant usage rights
Users, who have admin permission to the target, can grant usage rights to this target also to other users. They can also edit and delete existing usage rights.
Example of teams and usage rights
Client has two separate sites with different staff. There’s one responsible person following the both sites.
Teams for the usage rights are created:
Client admins
Site 1 admins
Site 1 staff
Site 2 admins
Site 2 staff
Teams are granted the usage rights for the targets:
Client admins: full client account, all usage rights levels (granted automatically also to all warehouses of the client)
Site 1 admins:
Site 1: admin permission, document admin permission, notification message reception, notification acknowledgement permission, task execution permission
Site 1: warehouse: wieving permission
Site 1 staff:
Site 1: viewing permission, notification acknowledgement permission, task execution permission
Site 1 warehouse: wieving permission
Site 2 admins:
Site 2: admin permission, document admin permission, notification message reception, notification acknowledgement permission, task execution permission
Site 2 warehouse: wieving permission
Site 2 staff:
Site 2: viewing permission, notification acknowledgement permission, task execution permission
Site 2 warehouse: wieving permission
Overlap and aggregation of usage rights
It is possible to grant overlapping usage rights in the service. In cases of overlapping usage rights, all directly granted rights to the targets and inherited rights from higher levels are always added together. This means that when granting usage rights, they can only be added, not reduced.
Example of aggregation of usage rights
The user has been granted admin permission maintenance rights for the site. User can edit all blocks and control points of the site. These rights cannot be removed, for example, from only one block or control point within the site with any given access right.
Also, note that if the user has been granted overlapping permissions, removing one usage right is not enough to completely remove the permissions.
Example of and overlapping permission
User has granted viewing permission to site, and in addition another usage right which grants viewing permission for one control point of the mentioned site. If usage right for the control point is deleted, user still has viewing permission to it as user has viewing permission to the site.