Access Control
IGNOS uses Azure AD to authenticate users. This means that all users and their access on ignos.io is handled by the customers active directory. There is no need to create new users in IGNOS, nor do we handle any passwords.
Role descriptions
| Role | Name | Description |
|---|
| MeasurementForms.Operator | Measurement Forms Operator | Operators have the ability to read form instances and log measurements. |
| MeasurementForms.Admin | Measurement Forms Admin | Gives access to everything in the measurement forms app. |
| MeasurementForms.InstanceAdmin | Measurement Forms Instance Admin | Instance admins have the ability to override the instance element list (disable balloons). |
| Supplier.Admin | Supplier Admin | Lets the user administrate suppliers. |
| QC.Admin | QC Admin | This is a combination of MeasurementForms.Admin and MeasuringTools.Admin. |
All users are allowed to read measuring tools data as long as the app is enabled.
| Role | Name | Description |
|---|
| MeasuringTools.Admin | Measuring Tools Admin | Manage measuring tools, calibrations, tool types, whitelists, import etc. |
| QC.Admin | QC Admin | This is a combination of MeasurementForms.Admin and MeasuringTools.Admin. |
Utilization
| Role | Name | Description |
|---|
| Apps.UtilizationDetails | Utilization Details | Required for users to be able to see utilization details and configure alert rules. |
Alarms
| Role | Name | Description |
|---|
| Alarms.Read | Alarms reader | Readers have the ability to browse machine alarms. |
Keep
| Role | Name | Description |
|---|
| Keep.Operator | Keep Operator | Operators can do everything except managing machines and communication settings. |
| Keep.Admin | Keep Admin | Admins can manage machines and communication settings. |
Engage
| Role | Name | Description |
|---|
| Mes.Operator | MES Operator | Manufacturing execution system access for operators. |
| Mes.Reader | MES Reader | Manufacturing execution system access for readers only. |
| Mes.CrossCompany | MES Cross Company | Users with this role are allowed to switch between companies in Engage. |
Workspace
| Role | Name | Description |
|---|
| Workspace.Admin | Workspace Admin | Allows customer wide workspace administration. |
Sustainability
| Role | Name | Description |
|---|
| Iot.Admin | IOT Admin | Configure LogBoxes (power consumption tracking). |
MRB
| Role | Name | Description |
|---|
| Mrb.Trace | Mrb Trace | Users with this role are allowed to trace work orders. |
| Mrb.DocumentController | Mrb Document Controller | Document controllers can maintain MRB templates and create MRB's |
| Mrb.DataManager | Mrb Data Manager | Users with this role can maintain document types |
Other
| Role | Name | Description |
|---|
| Erp | Erp data access | Enables the user to write ERP data. |
| Integration | Integration | Intended for applications and integrations. |
| Admin | Admin | Admin users implicitly has all of the roles above (full access). |
| Operations.Monitor | Operations Monitor | Users that need to see service/operations data for machines. Gives access to the health dashboard. |
| Machines.Groups.Write | Manage Machine Groups | Writers have the ability to create, update and delete machine groups. |
| ExternalServiceCredentials.Read | External service credentials reader | Gives applications acces to read credentials for external services. |
Role assignments
The IGNOS enterprise application defines a set of roles which can be assigned to users or groups within your organization, depending on what capabilities you want your users to have.
- Sign in to the Azure Portal as an admin.
- Search for and select Azure Active Directory.
- Under Manage, select Enterprise applications and click on Ignos.
- Under Manage, select Users and groups > Add user/group.
- Select the user(s) or group(s) you want to assign role(s) to
- Click on the role(s) you want to be assigned to the selected user(s) or group(s)
- Click Assign
The new roles should be effective within an hour or after the next login.