A role defines a set of permissions for actions and/or objects available for users within Connect and may be applied to objects as well. A role may be assigned to multiple users and multiple objects, however a user can have only one role assigned.
The Read Only Role may only be applied to one user/site/agent. The user assigned to this role can still view other folders.
Sections within this topic:
Creating a role
To create a role:
Choose the drop-down arrow to the far right of the menu bar.
Choose Edit Users/Roles.
In the Users and Roles window, in the Roles tab, choose Add.
In the Edit Role window, enter the Name of the role you are creating.
- The Expires date defaults to one year from the current date, however you can edit this date. When the role expires, the user will no longer have access to Connect.
Under the Permissions section, choose the permissions that users assigned to this role will have.
If you have several check boxes to mark, choose the Admin check box to mark all of the check boxes and then remove the marks you don't need.
- Choose OK.
Editing a role
To edit a role:
Choose the drop-down arrow to the far right of the menu bar.
Choose Edit Users/Roles.
In the Users and Roles window, in the Roles tab, choose a role and then choose Edit.
In the Edit Role window, you can edit name, expiration date, and/or permissions.
- Choose OK.
Deleting a role
To delete a role:
Choose the drop-down arrow to the far right of the menu bar.
Choose Edit Users/Roles.
In the Users and Roles window, in the Roles tab, choose a role and then choose Delete. Users assigned to this role will not have log in Connect.
- Choose Yes in the confirmation window.
- Choose OK.
Applying a role to an object
Roles can be applied to objects to limit a specific set of objects/devices to users who have been assigned to the same role. Users with the Admin role will be able to see all of the objects. Multiple roles may be applied to objects. The Object role application rules table indicates if roles may be applied at the top level and the inheritance (if any) to children.
To apply a role to an object:
In this example, a role is applied to a Site.
- Choose the Configuration Explorer
icon, and then expand Campuses and then expand the campus name.
Right-click on the Site name.
- Choose Edit Roles.
In the Object Role Editor, mark/unmark the Can Read and/or Can Edit check boxes next to the roles.
Your user role will not be visible.
- Choose OK. All Areas beneath this Site will have the same roles applied.
- If you apply roles to a level above the Site, a message asks if it is okay to apply the changes to all of the selected objects, which are the children beneath the object that is selected based on the rules defined in the Object role application rules table.
- Choose Yes and the children beneath this level will be updated to the roles applied at this level.
- Choose No to return to the Object Role Editor and then choose Cancel to close the window.
Object role application rules
There are different rules for the top-level objects and how (or if) a role affects the object's children.
| Object | Apply to Top-Level | Inheritance to children | Additional information |
|---|---|---|---|
Agents | Yes | All children | A role applied at any level is applied to children. |
AutoReports | No | N/A | Roles cannot be applied to any children. |
Campuses (Sites, Areas) | Yes | All children | A role applied at any level is applied to children |
Energy | No | Inheritance depth is one level. | A role applied to sub-level 1 is applied to sub-level 2, but not to sub-level 2 children. |
Profiles | No | Inheritance depth is one level. | A role applied to sub-level 1 is applied to sub-level 2, but not to sub-level 2 children. |
Reports | No | No | Roles may only be applied to reports. You can apply the role to a folder, but users won't see any reports unless the report also has the role applied. |
Watchdogs | No | Inheritance depth is one level. | A role applied to sub-level 1 is also applied to sub-level 2, but not to sub-level 2 children. |
Download the Roles training guide.