Difference between revisions of "Roles and permissions"

From WICE Wiki v2.91
Jump to navigation Jump to search
(→‎Permission to specific assignments: Added more explainatory text.)
 
(33 intermediate revisions by 5 users not shown)
Line 1: Line 1:
<includeonly>====Roles and permissions====</includeonly>
<includeonly>====Roles and permissions====</includeonly>
In order to restrict access to resources and functions in the portal, there is a framework using roles and permissions. Permissions are given on a set of resources. These permissions are grouped into roles, and roles are then attached to one or several users to be granted specific permissions.
In order to restrict access to resources and functions in the portal, there is a framework using roles and permissions. Permissions are given on a set of resources. These permissions are grouped into roles, and roles are then attached to one or several users to be granted specific permissions.
[[File:Edit roles and permissions.png|thumb|400x400px|Illustration 51: The edit roles and permissions dialog.]]
The “Edit roles and permission” dialog can be seen in Illustration 51. It consists of three tables. The top left table holds a list of the roles, the top right holds the user(s) for the selected role and the bottom one hold the selected role's permissions. Their size is adjustable and you can minimize them by clicking on the line between them.


The “Edit roles and permission” dialog can be seen in Figure "Edit Roles and Permissions Dialog". It consists of three tables. The top left table holds a list of the roles, the top right holds the user(s) for the selected role and the bottom one hold the selected role's permissions. Their size is adjustable and you can minimize them by clicking on the line between them.
[[File:Roles and permissions panel-20210217-144811.png|left|thumb|400x400px|Edit Roles and Permissions Dialog]]
<br clear="all">
You add a new role by pressing the button “Add role” and delete a role along with its permissions by pressing the red button next to it. When making a role you add a description and unique name. To edit an already existing role, double click the entry you wish to edit.
You add a new role by pressing the button “Add role” and delete a role along with its permissions by pressing the red button next to it. When making a role you add a description and unique name. To edit an already existing role, double click the entry you wish to edit.


When you select a role in the top left table, the lower table shows that specific role's permissions and the upper right table shows which users have that role. The permissions table consists of two columns, a string that is the actual permission and the set of resources that apply to that permission. In the illustration to the right there is only one resource but there can be a list of resources and resource groups that the permission applies to.<br clear="all">
When you select a role in the top left table, the lower table shows that specific role's permissions and the upper right table shows which users have that role. The permissions table consists of two columns, a string that is the actual permission and the set of resources that apply to that permission.  


=== Creating and editing roles and permissions ===
=== Creating and editing roles and permissions ===
[[File:Add permission.png|thumb|Illustration 52: Creating a new permission]]
 
To create a new permission press the “Add permission” button. It opens the following interaction depicted in illustration 52.
[[File:Add permission.png|thumb|Creating New Permission]]
[[File:Editing permissions.png|thumb|400x400px|Illustration 53: Editing assignment permissions]]
 
# Select what kind of permission you want. There are eight different permissions, seven for WCUs and one to give permission to all assignments (the assignment permission can not be modified).The permissions for WCUs are:
To create a new permission press the “Add permission” button. It opens the following interaction depicted in Figure "Creating New Permission".
## '''Assignment'''. Controls if a user is permitted to create/see assignments of a specific type on a WCU. More what this means is discussed below in "Permission to specific assignments"
 
[[File:Editing permissions.png|thumb|400x400px|Editing Task Permissions]]
 
# Select what kind of permission you want. There are a number of different permissions, ten for WCUs and one to give permission to all tasks (the task permission can not be modified). The permissions are:
## '''Task'''. Controls if a user is permitted to create/see tasks of a specific type on a WCU. More what this means is discussed below in "[https://wiki.alkit.se/wice270/index.php?title=Roles_and_permissions#Permission_for_specific_tasks Permission to specific tasks]"
## '''Assignment Creator'''. This permission handles access to creating/editing/viewing assignments in the tab Assignment (see [[Signal Reader Assignment Wizard|signal reader]] and [[Area5 Assignment Wizard|Area5]]). Having a read-permission means that you can see a list of assignments but you cannot go ahead and edit or create them. A write-permission on the other hand makes you eligible to edit and create assignments. Currently, the permission is only relevant for signal reader and Area5.
## '''Configuration.''' This permission controls whether you are allowed to work with a WCU's configuration.
## '''Configuration.''' This permission controls whether you are allowed to work with a WCU's configuration.
## '''Module'''. The permission controls the access to individual module configurations on a WCU. An example of a module is Signal reader.
## '''Module'''. The permission controls the access to individual module configurations on a WCU. An example of a module is Signal reader.
## '''Monitor'''. An assignment can have a monitor function to report data in real time. In order to see the real time data the user must have this permission.
## '''Monitor'''. A task can have a monitor function to report data in real time. In order to see the real time data the user must have this permission.
## '''Plot route'''. To see a historic GPS track of a WCU a user must have this permission.
## '''Plot route'''. To see a historic GPS track of a WCU a user must have this permission.
## '''Position'''. Allows a user to see a WCU's current position.
## '''Position'''. Allows a user to see a WCU's current position.
## '''Shelving'''. Allows a user to handle any shelving, unshelving and refurbishing of a WCU.
## '''View'''. This permission applies to the Vehicles tab. It has to do with whether you are allowed to list a WCU in the table. Selecting this subtype makes the subtype type part unnecessary and therefore, it is removed if you choose this resource type.                                                                                                                                                                                                                                             
## '''View'''. This permission applies to the Vehicles tab. It has to do with whether you are allowed to list a WCU in the table. Selecting this subtype makes the subtype type part unnecessary and therefore, it is removed if you choose this resource type.                                                                                                                                                                                                                                             
##'''Connect'''. Allows a user to connect a WCU to a vehicle.                                                                                                                                                                                                                                           
# Choosing if the permission should be a read and/or write permission. One of these have to be selected or you will not be able to save changes.
# Choosing if the permission should be a read and/or write permission. One of these have to be selected or you will not be able to save changes.
# Selecting which resources that apply to the permission. The selection is made using the two tables you see in Illustration 53. To select a resource, which can be a resource group, you enter the name of the resource in the left table filter area. As you type, the table is automatically filled with resources matching the criteria. If a resource is part of a resource group the icon to the left is shown. If you hold the mouse over the resource name you will see which resource group it is part of. If you instead see the icon shown to the left, the resource is a resource group. Holding the mouse over the entry will show you which resources are part of the resource group. To select a resource, drag it over to the right table or select the resource and then press the right-arrow. To deselect a resource, drag it to the left table or press the left-arrow. There is a “Select all” option. It selects all current and future resources to which this permission should be applied.
# Selecting which resources that apply to the permission. The selection is made using the two tables you see in Figure "Editing Task Permissions". To select a resource, which can be a resource group, you enter the name of the resource in the left table filter area. As you type, the table is automatically filled with resources matching the criteria. If a resource is part of a resource group the icon to the left is shown. If you hold the mouse over the resource name you will see which resource group it is part of. If you instead see the icon shown to the left, the resource is a resource group. Holding the mouse over the entry will show you which resources are part of the resource group. To select a resource, drag it over to the right table or select the resource and then press the right-arrow. To deselect a resource, drag it to the left table or press the left-arrow. There is a “Select all” option. It selects all current and future resources to which this permission should be applied.
# Set what type of assignments the permission applies to. It is automatically set to have all selected but you can unselect all and selecting other assignments. This option is only availible on the '''assignment''', '''monitor''' and '''module''' permission. It corresponds to the set of available modules for a WCU.
# Set what type of tasks the permission applies to. It is automatically set to have all selected but you can unselect all and selecting other tasks. This option is only available on the '''WCU task''', '''assignment''' '''creator,''' '''monitor''' and '''module''' permissions. It corresponds to the set of available modules for a WCU.
When you are done press "Save changes" or "Reset changes" if you want to revert the changes. You can always edit the permission by selecting it in the table. The dialog described above will show  and you can make your changes, except that you can not change what type of assignment it is.
When you are done press "Save changes" or "Reset changes" if you want to revert the changes. You can always edit the permission by selecting it in the table. The dialog described above will show  and you can make your changes, except that you can not change what type of task it is.
 
==== Assignment Creator permission ====
This permission concerns the [[Signal Reader Assignment Editor|signal reader assignment editor]]. If you give the user a read permission they can look at already created assignments. If you give a user the write permission they will also be able to create and delete assignments.
 
==== Vehicle Profile permission ====
With this permission you can delegate to individual users the possibility to view vehicle profiles if given the read permission. This makes the tab visible in the GUI but all buttons concerning editing/adding/removing are disabled. If a user has the write permission as well, the user will be able to edit/add and remove vehicle profiles.
 
==== Vehicle Create permission ====
This permission enables a user to do [[The Portal Administrator View#Add Vehicle Dialog|Add Vehicle]]. This will also let a user view any disconnected vehicles in the vehicles tab.
 
==== Resource Group Manage permission ====
This permission enables a user to [[The Portal Administrator View#Resource Groups|manage resource groups]]. Managing resource groups entails adding and removing WCUs from groups, editing groups, and removing groups. It will also enable access to the Resource groups panel.
 
==== Resource Group Create permission ====
This permission enables a user to create resource groups by pressing Add New in the Resource groups panel of the Administration tab. It will also enable access to the Resource groups panel. Any permissions that may be needed to initially manage or edit the created resource group will be added to a role specific to the creator upon creating the group.
 
=== Selecting resources using uploaded file ===
As described above, you can select resources in the select resources widget. In addition to this, you can upload a file containing the vehicles or WCUs that you would like to apply to a permission or a set of permissions. By pressing the button called 'Import vehicle file' you will be presented with a dialog where you can upload a file containing multiple vehicles or WCUs. You can either upload an excel file or a CSV type of text file. What is important is that there is a header column saying what type of identifiers can be found in the file. Identifiers currently supported are: vin, plate or wcu. An example content of file (CSV):
 
<kbd>
wcu<br>
04-1B-35-98<br>
90-80-AA<br>
</kbd>
[[File:Import vehcile file-20210217-151236.png|thumb|Import a vehicle file for permission resource selection]]
Just by changing the heading to plate or vin you should reference such identifiers in the file. The dialog also presents the option to ignore resources not found and apply the changes for those found. The default is however to do nothing if any of the resources are not found. The checkbox 'Ignore unconnected vehicles' is only applicable if you have plate or vin identifiers.
 
If you have selected a permission in the permission table, the resources in the file will be applied to only the selected permission. If you have selected a role in the top leftmost table, the resources in the file will be applied to all permissions of the role.


=== Changing a users roles and permissions ===
=== Changing a users roles and permissions ===
You can change a user's roles under in the edit user dialog if you press the button "Edit user roles". The edit user dialog then gets extended as two boxes appear, a left one with available roles and a right one with current roles. In the left one you can search the role(s) you want and drag them to the right box or press the button pointing right. With the two buttons at the bottom corner(the paper and clipboard ones) you can copy the names of the roles and also insert the names of roles to add them.
You can change a user's roles under in the edit user dialog if you press the button "Edit user roles". The edit user dialog then gets extended as two boxes appear, a left one with available roles and a right one with current roles. In the left one you can search the role(s) you want and drag them to the right box or press the button pointing right. With the two buttons at the bottom corner(the paper and clipboard ones) you can copy the names of the roles and also insert the names of roles to add them.


You can also change a users permission to view tasks in the tasks tab. By right-clicking the permission(s) you want to change permissions one and going to "Permission" you will get the options "Show who can see assignment" and "Add who can see assignment". "Show who can see assignment" will open a window with a left and a right box where the left contains users without permission to view the assignment and the right contains users who have permission. By moving users from the left to right and vice versa you can give or remove someones permission. You can also press the clipboard the the right bottom to copy the users who have permissions or add users by writing their name within parentheses. Users in the right box can be unselectable and that is if they have a role giving them the permission to view that assignment the only way to remove that is to remove that role from them. "Add who can see assignment" works the same way as "Show who can see assignment" except that the right box does not show users with permission so you can not remove permissions, this is so that with add you can add permissions for many assignments at the same time as the show can not show users from many assignments.
You can also change a users permission to view tasks in the tasks tab: By right-clicking the task(s) you want to change permissions for and hovering over "Permission" you will get the options "Show who can see task" and "Add who can see task". "Show who can see task" will open a window with a left and a right box where the left contains users without permission to view the task and the right contains users who have permission. By moving users from the left to right and vice versa you can give or remove someones permission. You can also press the clipboard the the right bottom to copy the users who have permissions or add users by writing their name within parentheses. Users in the right box can be unselectable and that is if they have a role giving them the permission to view that task the only way to remove that is to remove that role from them. "Add who can see task" works the same way as "Show who can see task" except that the right box does not show users with permission so you can not remove permissions, this is so that with add you can add permissions for many tasks at the same time as the show can not show users from many tasks.
[[File:Copy user assignment permissions.png|thumb|300x300px|Illustration 54: Copy user assignment permissions dialog]]
 
[[File:Copy user assignment permissions.png|thumb|300x300px|Copy User Task Permissions Dialog]]
 
You can also edit a users role by searching for user(s) and right clicking on them to get a window with different options. There are five different options where the three first can be used on multiple users at the same time while the bottom two can not.
You can also edit a users role by searching for user(s) and right clicking on them to get a window with different options. There are five different options where the three first can be used on multiple users at the same time while the bottom two can not.
* "Add user assignment permissions to this user" will open the dialog shown in illustration 54. With this button you take a users assignment permissions and add them to the selected user(s). You do this by searching and selecting a user and then pressing "OK".
* "Add user task permissions to this user" will open the dialog shown in Figure "Copy User Task Permissions Dialog". With this button you take a user's task permissions and add them to the selected user(s). You do this by searching and selecting a user and then pressing "OK".
* "Replace user assignment permissions with user" will open a similar dialog to illustration 54. This button i much like the one before except that instead of adding permissions to the current this replaces the permissions that the selected user(s) have. Here you also search the user whose permissions you want to replace the select them and press "OK".
* "Replace user task permissions with user" will open a similar dialog to the one in Figure "Copy User task Permissions Dialog". This button is much like the one before except that instead of adding permissions to the current user this replaces the permissions that the selected user(s) have. Here you also search the user whose permissions you want to replace the select them and press "OK".
* "Copy user roles to this user" will open a similar dialog to illustration 54. This button instead of replacing permissions replace selected user(s) roles with the roles of a user who you chose. Search the user whose roles you want to copy for replacement and press "OK".[[File:Give permission on car.png|thumb|Illustration 55: Give permission on car dialog]]
* "Copy user roles to this user" will open a similar dialog to Figure "Copy User Task Permissions Dialog". Instead of replacing permissions, this dialog replaces selected user(s) roles with the roles of a user who you chose. Search the user whose roles you want to copy for replacement and press "OK".
* "Give this user permission to all assignments on Car" is quite self explanatory and is to give assignment permission on one or many cars. The dialog will look like illustration 55. In the left box you select cars and move them to the right to give permission on them, you can also as you see below the left box select a file with cars to easily select a set of cars. Then you select which types of assignments it should give permission to (leaving this empty will not give any permissions). You can also check the checkbox "Reset user permission" to replace the roles of the selected user instead of adding new to the current ones.
 
* "Give this user permission to all assignments on WCU" is identical to the previous button except that it applies to WCUs instead of Cars.
[[File:Give permission on car.png|thumb|Give Permission on Vehicle Dialog]]
 
 
* "Give this user permission to all tasks on vehicle" gives task permission on one or many vehicles. The dialog will look like the dialog in Figure "Give Permission on Vehicle Dialog". In the left box you select vehicles and move them to the right to give permission on them, you can also as you see below the left box select a file with vehicles to easily select a set of vehicles. Then you select which types of tasks it should give permission to (leaving this empty will not give any permissions). You can also check the checkbox "Reset user permission" to replace the roles of the selected user instead of adding new to the current ones.
* "Give this user permission to all tasks on WCU" is identical to the previous button except that it applies to WCUs instead of vehicles.
 
==== User specific roles ====
A role may also be set to be specific to just one user. Doing this will remove the role from any other users that currently have it as well as prevent adding the role to any other users but the specified user.
 
=== Permission for specific tasks ===
The above text discuss permissions as they are found from the User panel. There are also a set of "implicit" permissions created when a new task is created, based on the task type permission discussed above. Let us elaborate a bit on this to make it clear what it means. The use case is as follows; a user has a read task permission on a WCU ("wcu:assignment:soh:read:awcu"). (Observe that a task permission might contain the word "assignment" even if it is referring to a task. Look at the menu names instead to confirm that you are working with a task.) Let us say that a new state-of-health task is created on the WCU ("''awcu''") while the user has the above permission. Regardless of who created the task, the user will now be able to list this task in the Tasks panel and download any data produced. Later, as time goes by, the WCU is no longer used in the particular project and an administrator removes the permission "wcu:assignment:soh:read:awcu" from the user. When new tasks are created on this WCU our user above will not be able to see the new tasks created in the Tasks panel. However, the user will be able to see the previous task, i.e. when the user had the correct permission. Thus, this solution enables users to retain the permission to see historical tasks, let us call this a '''historical task permission'''. This type of permission cannot be seen in the permission panel. To see who has access to which '''historical task''' you must turn to the Task panel.
 
[[File:Task-panel-permission.png|thumb|Permission Choices in the Tasks Panel]]
 
As an administrator you have the possibility to both see and modify who has access to individual tasks. There are two options presented if you right-click an task in the Tasks panel. To the right you see the two choices available. The top choice is only available if you have selected a single row in the table. The bottom one is always available, also if electing multiple rows.
 
==== Top selection "Show who can see task" ====
By selecting the top selection you will be presented with a dialog where on the left hand side you have all available users that do not have the permission to see the task. On the right hand side you have the users that have the permission to do so. On the right hand side you might see that some users are grayed. Those users have the ''task permission,'' not to be confused with the WCU task permission'','' described above. Also, the users visible are enabled, disabled users will not be displayed.
 
[[File:Users-with-read-permission-tasks-panel.png|thumb|Users with Permission on a Specific Task]]


=== Permission for specific assignments ===
To give a user the permission to see the task, simply move the user from the left side to the right side. This is accomplished by selecting one or more users and then click the right-arrow. Conversely, to remove a user from the permission select the users from the right side and click the left-arrow. At the top of the left side you can search for users by typing and as you go the users will be filtered to match what you type.
The above text discuss permissions as they are found from the User panel. There are also a set of "implicit" permissions created when a new assignment is created, based on the assignment type permission discussed above. Let us elaborate a bit on this to make it clear what it means. The use case is as follows; a user has a read assignment permission on a WCU (wcu:assignment:soh:read:awcu). A new state-of-health assignment is created on the WCU ''awcu'' while the user has this permission. Regardless of who created the assignment, the user will now be able to list this assignment in the Tasks panel and download any data produced. Later, as time goes by, the WCU is no longer used in the particular project and an administrator removes the permission wcu:assignment:soh:read:awcu from the user. When new assignments are created on this WCU our user above will not be able to see the new assignments created in the Tasks panel. However, the user will be able to see the previous assignment, i.e. when the user had the correct permission. Thus, this solution enables users to retain the permission to see historical assignments, let us call this a '''historical assignment permission'''. This type of permission cannot be seen in the permission panel. To see who has access to which '''historical assignment''' you must turn to the Task panel.
[[File:Task-panel-permission.png|thumb|Permission choices in the Tasks panel]]
As an administrator you have the possibility to both see and modify who has access to individual assignments. There are two options presented if you right-click an assignment in the Tasks panel. To the right you see the two choices available. The top choice is only available if you have selected a single row in the table. The bottom one is always available, also if electing multiple rows.


By selecting the top selection you will be presented with a dialog where on the left hand side you have all available users that do not have the permission to see the assignment. On the right hand side you have the users that have the permission to do so. On the right hand side you might see that some users are greyed. Those users have the ''assignment permission,'' not to be confused with the WCU assignment permission'','' described above. Also, the users visible are enabled, disabled users will not be displayed.
In the picture "Users with Permission on a Specific Task" to the right you see the user 'serverTriggerUser' which is an enabled user which do not yet have the permission to see the task.
[[File:Users-with-read-permission-tasks-panel.png|thumb|Users with permission on a specific assignemnt.]]
To give a user the permission to see the assignment, simply move the user from the left side to the right side. This is accomplished by selecting one or more users and then click the right-arrow. Conversely, to remove a user from the permission select the users from the right side and click the left-arrow. At the top of the left side you can search for users by typing and as you go the users will be filtered to match what you type.


To the right you see that the username 'm2m' has been filtered for and there are three such users present that are enabled and do not yet have the permission to see the assignment.
==== Bottom selection "Add who can see task" ====
The bottom selection from above 'Add who can see task' will not list who already has access to the task, but rather just list all users available regardless whether they already have permission or not to the task.


The bottom selection from above 'Add who can see assignment' will not list who already has access to the assignment, but rather just list all users available regardless whether they already have permission or not to the assignment.
You can also give a user permission to all running tasks on WCUs whose task types that user has access to. See [[The Portal Administrator View#The New User Dialog|The new user dialog]] (the portal administrator view).


{{DEFAULTSORT:Rolas and Permissions}}
{{DEFAULTSORT:Rolas and Permissions}}

Latest revision as of 08:36, 3 July 2024

In order to restrict access to resources and functions in the portal, there is a framework using roles and permissions. Permissions are given on a set of resources. These permissions are grouped into roles, and roles are then attached to one or several users to be granted specific permissions.

The “Edit roles and permission” dialog can be seen in Figure "Edit Roles and Permissions Dialog". It consists of three tables. The top left table holds a list of the roles, the top right holds the user(s) for the selected role and the bottom one hold the selected role's permissions. Their size is adjustable and you can minimize them by clicking on the line between them.

Edit Roles and Permissions Dialog


You add a new role by pressing the button “Add role” and delete a role along with its permissions by pressing the red button next to it. When making a role you add a description and unique name. To edit an already existing role, double click the entry you wish to edit.

When you select a role in the top left table, the lower table shows that specific role's permissions and the upper right table shows which users have that role. The permissions table consists of two columns, a string that is the actual permission and the set of resources that apply to that permission.

Creating and editing roles and permissions

Creating New Permission

To create a new permission press the “Add permission” button. It opens the following interaction depicted in Figure "Creating New Permission".

Editing Task Permissions
  1. Select what kind of permission you want. There are a number of different permissions, ten for WCUs and one to give permission to all tasks (the task permission can not be modified). The permissions are:
    1. Task. Controls if a user is permitted to create/see tasks of a specific type on a WCU. More what this means is discussed below in "Permission to specific tasks"
    2. Assignment Creator. This permission handles access to creating/editing/viewing assignments in the tab Assignment (see signal reader and Area5). Having a read-permission means that you can see a list of assignments but you cannot go ahead and edit or create them. A write-permission on the other hand makes you eligible to edit and create assignments. Currently, the permission is only relevant for signal reader and Area5.
    3. Configuration. This permission controls whether you are allowed to work with a WCU's configuration.
    4. Module. The permission controls the access to individual module configurations on a WCU. An example of a module is Signal reader.
    5. Monitor. A task can have a monitor function to report data in real time. In order to see the real time data the user must have this permission.
    6. Plot route. To see a historic GPS track of a WCU a user must have this permission.
    7. Position. Allows a user to see a WCU's current position.
    8. Shelving. Allows a user to handle any shelving, unshelving and refurbishing of a WCU.
    9. View. This permission applies to the Vehicles tab. It has to do with whether you are allowed to list a WCU in the table. Selecting this subtype makes the subtype type part unnecessary and therefore, it is removed if you choose this resource type.
    10. Connect. Allows a user to connect a WCU to a vehicle.
  2. Choosing if the permission should be a read and/or write permission. One of these have to be selected or you will not be able to save changes.
  3. Selecting which resources that apply to the permission. The selection is made using the two tables you see in Figure "Editing Task Permissions". To select a resource, which can be a resource group, you enter the name of the resource in the left table filter area. As you type, the table is automatically filled with resources matching the criteria. If a resource is part of a resource group the icon to the left is shown. If you hold the mouse over the resource name you will see which resource group it is part of. If you instead see the icon shown to the left, the resource is a resource group. Holding the mouse over the entry will show you which resources are part of the resource group. To select a resource, drag it over to the right table or select the resource and then press the right-arrow. To deselect a resource, drag it to the left table or press the left-arrow. There is a “Select all” option. It selects all current and future resources to which this permission should be applied.
  4. Set what type of tasks the permission applies to. It is automatically set to have all selected but you can unselect all and selecting other tasks. This option is only available on the WCU task, assignment creator, monitor and module permissions. It corresponds to the set of available modules for a WCU.

When you are done press "Save changes" or "Reset changes" if you want to revert the changes. You can always edit the permission by selecting it in the table. The dialog described above will show and you can make your changes, except that you can not change what type of task it is.

Assignment Creator permission

This permission concerns the signal reader assignment editor. If you give the user a read permission they can look at already created assignments. If you give a user the write permission they will also be able to create and delete assignments.

Vehicle Profile permission

With this permission you can delegate to individual users the possibility to view vehicle profiles if given the read permission. This makes the tab visible in the GUI but all buttons concerning editing/adding/removing are disabled. If a user has the write permission as well, the user will be able to edit/add and remove vehicle profiles.

Vehicle Create permission

This permission enables a user to do Add Vehicle. This will also let a user view any disconnected vehicles in the vehicles tab.

Resource Group Manage permission

This permission enables a user to manage resource groups. Managing resource groups entails adding and removing WCUs from groups, editing groups, and removing groups. It will also enable access to the Resource groups panel.

Resource Group Create permission

This permission enables a user to create resource groups by pressing Add New in the Resource groups panel of the Administration tab. It will also enable access to the Resource groups panel. Any permissions that may be needed to initially manage or edit the created resource group will be added to a role specific to the creator upon creating the group.

Selecting resources using uploaded file

As described above, you can select resources in the select resources widget. In addition to this, you can upload a file containing the vehicles or WCUs that you would like to apply to a permission or a set of permissions. By pressing the button called 'Import vehicle file' you will be presented with a dialog where you can upload a file containing multiple vehicles or WCUs. You can either upload an excel file or a CSV type of text file. What is important is that there is a header column saying what type of identifiers can be found in the file. Identifiers currently supported are: vin, plate or wcu. An example content of file (CSV):

wcu
04-1B-35-98
90-80-AA

Import a vehicle file for permission resource selection

Just by changing the heading to plate or vin you should reference such identifiers in the file. The dialog also presents the option to ignore resources not found and apply the changes for those found. The default is however to do nothing if any of the resources are not found. The checkbox 'Ignore unconnected vehicles' is only applicable if you have plate or vin identifiers.

If you have selected a permission in the permission table, the resources in the file will be applied to only the selected permission. If you have selected a role in the top leftmost table, the resources in the file will be applied to all permissions of the role.

Changing a users roles and permissions

You can change a user's roles under in the edit user dialog if you press the button "Edit user roles". The edit user dialog then gets extended as two boxes appear, a left one with available roles and a right one with current roles. In the left one you can search the role(s) you want and drag them to the right box or press the button pointing right. With the two buttons at the bottom corner(the paper and clipboard ones) you can copy the names of the roles and also insert the names of roles to add them.

You can also change a users permission to view tasks in the tasks tab: By right-clicking the task(s) you want to change permissions for and hovering over "Permission" you will get the options "Show who can see task" and "Add who can see task". "Show who can see task" will open a window with a left and a right box where the left contains users without permission to view the task and the right contains users who have permission. By moving users from the left to right and vice versa you can give or remove someones permission. You can also press the clipboard the the right bottom to copy the users who have permissions or add users by writing their name within parentheses. Users in the right box can be unselectable and that is if they have a role giving them the permission to view that task the only way to remove that is to remove that role from them. "Add who can see task" works the same way as "Show who can see task" except that the right box does not show users with permission so you can not remove permissions, this is so that with add you can add permissions for many tasks at the same time as the show can not show users from many tasks.

Copy User Task Permissions Dialog

You can also edit a users role by searching for user(s) and right clicking on them to get a window with different options. There are five different options where the three first can be used on multiple users at the same time while the bottom two can not.

  • "Add user task permissions to this user" will open the dialog shown in Figure "Copy User Task Permissions Dialog". With this button you take a user's task permissions and add them to the selected user(s). You do this by searching and selecting a user and then pressing "OK".
  • "Replace user task permissions with user" will open a similar dialog to the one in Figure "Copy User task Permissions Dialog". This button is much like the one before except that instead of adding permissions to the current user this replaces the permissions that the selected user(s) have. Here you also search the user whose permissions you want to replace the select them and press "OK".
  • "Copy user roles to this user" will open a similar dialog to Figure "Copy User Task Permissions Dialog". Instead of replacing permissions, this dialog replaces selected user(s) roles with the roles of a user who you chose. Search the user whose roles you want to copy for replacement and press "OK".
Give Permission on Vehicle Dialog


  • "Give this user permission to all tasks on vehicle" gives task permission on one or many vehicles. The dialog will look like the dialog in Figure "Give Permission on Vehicle Dialog". In the left box you select vehicles and move them to the right to give permission on them, you can also as you see below the left box select a file with vehicles to easily select a set of vehicles. Then you select which types of tasks it should give permission to (leaving this empty will not give any permissions). You can also check the checkbox "Reset user permission" to replace the roles of the selected user instead of adding new to the current ones.
  • "Give this user permission to all tasks on WCU" is identical to the previous button except that it applies to WCUs instead of vehicles.

User specific roles

A role may also be set to be specific to just one user. Doing this will remove the role from any other users that currently have it as well as prevent adding the role to any other users but the specified user.

Permission for specific tasks

The above text discuss permissions as they are found from the User panel. There are also a set of "implicit" permissions created when a new task is created, based on the task type permission discussed above. Let us elaborate a bit on this to make it clear what it means. The use case is as follows; a user has a read task permission on a WCU ("wcu:assignment:soh:read:awcu"). (Observe that a task permission might contain the word "assignment" even if it is referring to a task. Look at the menu names instead to confirm that you are working with a task.) Let us say that a new state-of-health task is created on the WCU ("awcu") while the user has the above permission. Regardless of who created the task, the user will now be able to list this task in the Tasks panel and download any data produced. Later, as time goes by, the WCU is no longer used in the particular project and an administrator removes the permission "wcu:assignment:soh:read:awcu" from the user. When new tasks are created on this WCU our user above will not be able to see the new tasks created in the Tasks panel. However, the user will be able to see the previous task, i.e. when the user had the correct permission. Thus, this solution enables users to retain the permission to see historical tasks, let us call this a historical task permission. This type of permission cannot be seen in the permission panel. To see who has access to which historical task you must turn to the Task panel.

Permission Choices in the Tasks Panel

As an administrator you have the possibility to both see and modify who has access to individual tasks. There are two options presented if you right-click an task in the Tasks panel. To the right you see the two choices available. The top choice is only available if you have selected a single row in the table. The bottom one is always available, also if electing multiple rows.

Top selection "Show who can see task"

By selecting the top selection you will be presented with a dialog where on the left hand side you have all available users that do not have the permission to see the task. On the right hand side you have the users that have the permission to do so. On the right hand side you might see that some users are grayed. Those users have the task permission, not to be confused with the WCU task permission, described above. Also, the users visible are enabled, disabled users will not be displayed.

Users with Permission on a Specific Task

To give a user the permission to see the task, simply move the user from the left side to the right side. This is accomplished by selecting one or more users and then click the right-arrow. Conversely, to remove a user from the permission select the users from the right side and click the left-arrow. At the top of the left side you can search for users by typing and as you go the users will be filtered to match what you type.

In the picture "Users with Permission on a Specific Task" to the right you see the user 'serverTriggerUser' which is an enabled user which do not yet have the permission to see the task.

Bottom selection "Add who can see task"

The bottom selection from above 'Add who can see task' will not list who already has access to the task, but rather just list all users available regardless whether they already have permission or not to the task.

You can also give a user permission to all running tasks on WCUs whose task types that user has access to. See The new user dialog (the portal administrator view).