There seems to be a massive gap between Admin and User access rights.
Please consider my following observations:
- User cannot create an Asset, which is fundamental to onboarding a MindConnect device.
- User cannot edit Asset details e.g. Name, Description, Location etc.
- User can only work through the Agent configuration to produce a configuration file if first created by Admin.
- User cannot edit Aspects or add a new Aspect to an Asset.
Ideally we would want to include Users in our MindAccess account to have full access to their own Organisation with no visibility of other Organisations. This allows us to enable Users, rather than simply doing the configuration tasks for them. Admin is not a viable option as they would have full visibility of the MindAccess account and could potentially delete Assets, Aspects and Admin/Users within other Organisations.
Is there any way we will be able to have control over access rights moving forward?
@OliverG you've definitely noted all of the gaps we are seeing with user rights and the impact that has on management / maintenance of your tenant environment. Even our "advanced user" is restricted from changing anything that has an impact on MSUs. As you saw in the other earlier post the MSU effect is the main reason why they do that.
That being said, we are working with the Product team to understand future capabilities / access rights they are planning to implement. I've not yet received details but will follow up as soon as we know more.
@Mbossom, thank you for your prompt and informative response.
It would be great if we could contain independently operating Organisations within our Tenant. The impact on MSUs is an understandable concern regarding access rights. Maybe a message to relevant Admin following any changes to MSU usage by Users would suffice?
Look forward to hearing about future capabilities.
@OliverG I think your request is similar to others we've laid out, but to make sure let me know if you would add anything to the summary below?
In your tenant:
- Add separate organizations, say ORG1 and ORG2 (this exists today)
- Under each of those organizations, add "users" that can consume apps and view data for only that ORG, but restricted from anything administrative, except for minimal asset naming changes (also exists today)
- Under each organization, add an "org admin" that has the ability to add assets, configure data aspects for those assets, and other admin functions but only for that org (new functionality)
- If T1 tenant admin wants to retain control over MSU/cost impact, need to implement some form of approval before change can be implemented or simple notification that change is done (new functionality)
@Mbossom the summary you provided demonstrates the structure of admin/user access rights we had in mind.
Will there be a limit to the number of permissible org admins per organisation? It is most likely that more than one org admin per organisation would be requested.
In terms of retaining control of MSU/cost impact, a notification email to the associated org admin and tenant admin would be effective, as with admin access rights they can then edit the configuration contributing to MSU/cost impact, if required.