Adding roles and permissions

You add roles using the station’s Role Manager view (RoleService).

You have enabled the Operator config flag for any restricted components. Categories have been created and any basic categories assigned to components.
Most companies require, as a minimum, an administrator (super user) role, a manager role, and a regular user or operator role.
  1. Right-click RoleService in the Nav tree, click Views > Role Manager.

    The Role Manager view opens.



  2. Click the New button, enter the number of roles to create in the pop-up window and click OK.
    The system displays the New window with a row for each role you are creating.

  3. Name the role.
  4. To configure a role as a super user, click the Permissions check box for Super User.

    The built-in Admin role grants all possible rights for every category (super user). Only when logged in as the Admin user, or another super user, can you assign super user rights using the Super User check box.

    In general, assigning super user rights should be strictly limited and based on special needs. For example, a Supervisor station may need super user rights to connect with other station clients (machine login vs. login by a person) in scenarios where Program objects are exported from stations using ExportTags. Human users may need super user rights to add and edit Program or Robot components.

    CAUTION: Do not make it a common practice to give station-to-station users admin privileges. If your network is breached, a station-to-station user could cause significant damage without drawing attention to what is happening.
  5. To set up individual permissions, click the chevron at the end of the Permissions property.

    The Permissions map opens.



    The first column, Category, lists the groups to which you may grant permission. The Operator and Admin columns relate to the permissions level configured on each component. Below these headings are the cells to use for assigning one of three permissions to each category:

    • R = Read allows the user to view the object.

    • W = Write allows the user to change the object.

    • I = Invoke allows the user to initiate an action related to the object.

    Depending on how the permission level is set on the slot, six permissions are derived:

    • To allow a user to view operator-level information, check the Operator config flag on the slot and select the Operator R column on the permission map.

    • To allow a user to modify operator-level information (if it is not read-only), check the Operator config flag on the slot and select the Operator W column on the permission map.

    • To allow the user to view and invoke operator-level operations (actions), check the Operator config flag on the slot and select the Operator I column on the permission map.

    • To allow the user to view admin-level information, leave the Operator config flag unchecked on the slot and select the Admin R column on the permission map.

    • To allow the user to modify admin-level information (if it is not read-only), leave the Operator config flag unchecked on the slot and select the Admin W column on the permission map.

    • To allow the user to view and invoke admin-level operations (actions), leave the Operator config flag unchecked on the slot and select the Admin I column on the permission map.

    When you assign permissions, higher-level permissions (green check marks) automatically include the lower-level ones (gray check marks). For example, if you enable admin-level write (W), the system automatically enables admin-level read (R), as well as operator-level read and write (RW).

  6. Click the cell to assign a permission and click OK.
    The Permissions property displays the permissions.
  7. To finalize permissions, click OK.
  8. In a multi-station system, perform these same steps in each station so that each station has the same set of roles.
    Note: During the network user synchronization process, the framework sends the user’s role assignment to the receiving station; however, it does not create the actual role(s) on the receiving station. You must set up matching roles on each receiving station before synchronizing network users.
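
The permission map from step 5 and the matching-roles requirement from step 8, modeled as an added Python example; it is not part of the original documentation or the product's code. The Admin W row of the inclusion table is the case stated in step 5; the other rows, and all names such as expand, is_allowed and missing_roles, are assumptions made for illustration, and the sample roles are constructed.

```python
# Added example: models the six permissions and the inclusion rule from step 5.
# All names here are hypothetical and are not a product API.
OP_R, OP_W, OP_I = "Operator R", "Operator W", "Operator I"
AD_R, AD_W, AD_I = "Admin R", "Admin W", "Admin I"

# Inclusion rule. The Admin W row is the case the page states; the other rows
# are ASSUMED to follow the same pattern (a higher level includes the lower ones).
IMPLIES = {
    OP_R: set(),
    OP_W: {OP_R},
    OP_I: {OP_R},
    AD_R: {OP_R},
    AD_W: {AD_R, OP_W, OP_R},
    AD_I: {AD_R, OP_I, OP_R},
}

def expand(granted):
    """Return the granted cells plus every cell they automatically include."""
    effective = set(granted)
    for cell in granted:
        effective |= IMPLIES[cell]
    return effective

def is_allowed(granted, operator_flag, operation):
    """operation is 'R', 'W' or 'I'; operator_flag is the slot's Operator config flag."""
    level = "Operator" if operator_flag else "Admin"
    return f"{level} {operation}" in expand(granted)

def missing_roles(user_roles, receiving_station_roles):
    """Roles assigned to synchronized users that the receiving station lacks."""
    return sorted(set(user_roles) - set(receiving_station_roles))

# Constructed sample data (not taken from any real station).
ROLES = {
    "operator": {"Lighting": {OP_R, OP_I}},
    "manager": {"Lighting": {AD_W}},
}

if __name__ == "__main__":
    for role, categories in ROLES.items():
        for category, granted in categories.items():
            print(role, category, sorted(expand(granted)))
    # Roles to create on the receiving station before synchronizing users.
    print(missing_roles(["manager", "operator"], ["operator"]))
```

Reviewing the expanded set rather than the cells that were clicked shows what a role can actually do on a slot, which is the view to use when checking that a station-to-station user has not been given more than it needs.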