Add resources and privileges to a role
Who are the users?
Users are individuals who log on to Aidi with a password or via a single sign-on (SSO) system. To find out how to create a user account, see the article on this subject.
The user's email address must be unique and can be used as a username.
In the case of SSO login, the email address is recognized and a user is automatically created. Similar to an access card that grants entry to your office building, your organization's email address serves as your key to access Aidi.
Access profile of a user
In Aidi’s user management, the notion of an access profile is fundamental. Every user in the system is assigned a profile. The role is what gives the user the resources and privileges to perform actions within the system.
Resources are the various screens and functionalities for which specific privileges are assigned. Privileges determine what the user can do with each resource. Keeping this distinction in mind makes it easier to follow the rest of this article: the definition of resources and privileges and how to assign them to the user.
If no role is assigned to a user, he or she will be able to connect to Aidi, but will not be able to do anything.
Definition and types of access profiles
✏️Note: Access profiles can only be defined or modified by users who have subscribed to the Aidi platform's Enterprise plan.
In the Aidi system, an access profile (e.g., project manager, site supervisor, controller, etc.) can be likened to an empty box. Without adding anything to it, the role is useless. In other words, a user with a role but no assigned resources can log in to their account but won't have access to any menus or relevant data. Therefore, for an access profile to have meaning within the Aidi environment, it must be assigned appropriate resources.
Assigning resources to an access profile goes hand in hand with the concept of granting privileges. This involves specifying the actions that a user (or a group of users with the same role) can or cannot perform within their account. For instance, a group of users with the role of 'site supervisor' may have the privilege to view budget data, but they may not be able to modify or approve it.
Click on this link for a complete list of resources in Aidi.
✏️Note: Some resources are interdependent. For example, to write in the logbook, you need at least the following resources:
- Project - data access
- Buildings - data access
- Suppliers - data access
Each resource can be assigned three types of privilege:
- Read: the user can only view that resource data.
- Write: users can view data, add to it or modify it.
- Delete: users can view, add, modify and delete resource data.
✏️Note: Privileges are incremental. This means that for the “Write” privilege to take effect, the “Read” privilege must be added. And to add the “Delete” privilege, you need to add the “Write” and “Read” privileges.
Add resources and privileges to a role
Now that we've clarified the notions of resource and privilege, let's see how we go about associating them, so that the user's role has relevance.
Note that only customers subscribing to the Aidi platform's Enterprise plan can manage resources by access profile.
To associate resources and privileges and add them to a role, proceed as follows in your Aidi user interface.
- Click Create in the top right corner.
This opens a form containing a list of 3 selection fields: Role, Resource, Privilege.
- Select the relevant role. Example: Project Manager
✏️Note: the “role” itself must be created in the “Role” menu before this step.
- Select a resource. Example: Budgets
- Choose a privilege: Read, Write, Delete
- Click on the SAVE AND CLOSE button (or its alternatives) to save.
✏️Note: Each field accepts only one selection. This means that these steps must be repeated for each privilege to be granted. Example: if you wish to give all budget privileges to a project manager, you need to repeat steps 3 to 7 at least three times (read, then write, then delete).
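Because every privilege is saved as its own Role / Resource / Privilege entry, a role can easily end up with "Write" but no "Read", or with a resource whose prerequisites were never added. The script below is an added example, not Aidi code: it audits a constructed list of such entries against the incremental and interdependency rules described above. The row format and the resource name "Logbook" are assumptions.

```python
from collections import defaultdict

# Incremental rule from the article: Write needs Read; Delete needs Write and Read.
REQUIRES = {"Read": set(), "Write": {"Read"}, "Delete": {"Write", "Read"}}

# Interdependency from the article's logbook note. "Logbook" as a resource
# name is an assumption; the three prerequisites are quoted from the page.
DEPENDS_ON = {("Logbook", "Write"): [
    "Project - data access", "Buildings - data access", "Suppliers - data access"]}

def audit(roles, assignments):
    """Return sorted findings for a list of (role, resource, privilege) rows."""
    granted = defaultdict(lambda: defaultdict(set))
    for role, resource, privilege in assignments:
        granted[role][resource].add(privilege)

    findings = []
    for role in roles:
        resources = granted.get(role, {})
        if not resources:
            findings.append(f"{role}: no resources assigned (can log in, sees nothing)")
            continue
        for resource, privs in resources.items():
            for priv in privs:
                missing = REQUIRES[priv] - privs
                if missing:
                    findings.append(f"{role}/{resource}: {priv} without {', '.join(sorted(missing))}")
                for dep in DEPENDS_ON.get((resource, priv), []):
                    if dep not in resources:
                        findings.append(f"{role}/{resource}: {priv} needs '{dep}'")
    return sorted(findings)

# Constructed sample rows, one per saved Role/Resource/Privilege form.
ROLES = ["Project Manager", "Site Supervisor", "Controller"]
ROWS = [
    ("Project Manager", "Budgets", "Read"),
    ("Project Manager", "Budgets", "Write"),
    ("Project Manager", "Budgets", "Delete"),
    ("Site Supervisor", "Budgets", "Write"),          # Read row was forgotten
    ("Site Supervisor", "Logbook", "Read"),
    ("Site Supervisor", "Logbook", "Write"),
    ("Site Supervisor", "Project - data access", "Read"),
]

if __name__ == "__main__":
    for line in audit(ROLES, ROWS):
        print(line)
```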
Example
User X has been assigned the role of Project Contributor, giving him write access to the following resources:
For all other screens and allocated resources, user X has read-only access.