Role-Based Permissions
Role-Based Permissions allow for fine-grained control over which resources are accessible to users and groups of users. Permissions are granted by assigning Segments and Roles to a user. Each Segment defines a subset of contexts for which permissions can be granted. A Role indicates which permissions to grant for entities within a Segment.
Roles and Segments appear in the System Tree when at least one user has the property Use Role-Based Permissions activated under Account Settings.
Segment
A Segment is a list of contexts and context masks defining a subset of contexts for which permissions will be applied. Each segment can inherit definitions from another segment, allowing for different permission levels to be managed.
In order to create a segment which includes all devices, the segment would contain the following context masks:
users
users.*
users.role.*
users.role.devices.*
users.admin.devices.*
Each entry is necessary to include devices in the segment. For example, users.* can only be included in the segment if users is already part of the segment.
Roles
With the above Segment being applied, a Role can be created to give access to certain device types. In order to give access to all entities in all Virtual Devices, excluding Functions and Variables, the following row can be added to the permissions table of the role.
Context Type: type of contexts to which the permissions will be applied, e.g. device.virtual applies permissions to contexts of type “device.virtual”.
Entity Type: type of context entities to which the permissions will be applied, e.g. All indicates the permission will be applied to all entities of the indicated context type.
Entity: name of the context entity to which the permissions will be applied, e.g. All indicates the permission will be applied to all entities of the indicated type.
Exceptions: a nested table indicating entities for which this permission will not be applied.
  Entity Type: type of context entity to which the permissions will not be applied, e.g. Function indicates permissions will not be applied to an entity of type “Function”.
  Entity: name of the context entity to which the permissions will not be applied, e.g. Calculate indicates that the “Calculate” function will be excluded from the application of this permission.
Permissions: type of permissions to be applied, e.g. All gives users read, write and execute permissions for the indicated entities.
Assigning Permissions to Users
In order to give a user access to all virtual devices, while denying access to the Calculate function, the Segment and Role created above must be applied to the user’s properties. In the Role-Based Permissions tab of the target user, add a row and indicate the following values:
Context Mask or Segment: segments.<name of segment created above> to indicate the above segment.
Role: roles.<name of role created above> to indicate the above role.