Managing Users

Owned by Nick Gayeski
Last updated: Apr 19, 2024
7 min read

Adding users

When you navigate to the menu “Users” under the “Admin” area, and go to “Add User”, you will see the options listed below. Notice that there is a new piece of information, called Default Roles which specify what roles the new user will inherit from its organization, defined by the “Default Internal Roles”. These roles will be applied to the user when they are created. The Default Internal Roles for the organization can be edited under the Organization administration area.

When you add a user, you are adding them to the organization you have selected in the upper right hand menu of the application. They will by default get access to the default assets the organization they are created in has access to, which can be managed in the Default Asset Permissions tab in the Organization administration area. If you need to edit the user’s roles or access, you navigate to the User Roles or User Asset Permissions tabs listed below.

In addition, an Organization can have “Default Provider Roles” and Provider relationships to other organizations. When a user is created in an Organization with Provider relationships, they will be assigned their organizations default provider role for the clients they serve. Their roles will be limited by the roles allowed under their provider relationships to each client.

More information about User Roles is presented in the section User Roles.

Editing User Roles

If you need to edit a user’s roles, select the “User Roles” tab and pick the user you want to edit.

A list of Organizations will appear to which the user has access. Click “Edit” to edit the roles for the user to that organization.

A selection will appear to assign different roles from the available roles for the user. The available roles are limited to the roles available to the organization, which are dictated by the settings for the organization or the available roles from provider relationships. You can assign a new role, or take away a role, for that user for the selected Organization by selecting the role and clicking the appropriate arrow to remove or apply the role. Once you make these selections, you will be presented with the option to “Save” or “Discard” the role assignments. You can also “Reset Roles” in the selection boxes, which will undo any changes you made to the selected roles. You must always “Save” the new assignments for roles to be applied.

Multiple roles can be applied to each user. For a typical user, you could apply the “Standard User” role, and if they are going to be involved in creating, assigning, being assigned, or closing Tasks for that specific client Organization, they should be assigned the “Task Manager” role. If they are a user that can edit assets such as buildings or equipment, they should be granted the “Asset Editor” role, and if they should be able to create and manage users they should be granted the “User Admin” role. Note that “Standard User” role allows a user to edit building and equipment variables.

For users that need access to any ‘non-standard modules’, such as Performance Indicators or Performance Dashboard, apply the appropriate role such as “Indicators” or “Performance Dashboard”. If you would like to grant a user view access only, grant them the “Standard Viewer” role, or if you would like to grant them access only to raw time series data, grant them the “Data Access” Role. More detail on Roles is available in the User Roles documentation below. Compared to legacy functionality, roles are used to replace functionality associated with client and user module restrictions or assignments.

In general, you should not have to edit user roles at the user role level except to promote users to a user administrator or asset editor. Most users will inherit roles from their Organization’s Default Internal Roles or Default Provider Roles along with their provider relationships' roles.

Editing user asset permissions i.e. access to buildings and organizations

In addition to editing a users' roles, you may need to edit what buildings a user has access to. There is a “User Asset Permissions” tab through which you can manage which organizations (including their own) and which buildings the user has the right to edit, update or delete. If the user does not have the administrative role “Asset Editor”, they will not be allowed to update or delete an asset regardless of what these settings are configured to do. However, if they are an “Asset editor” and you want to restrict their ability to update a specific building or organization, you can limit their rights to those assets here.

The primary use case for this page is to grant or apply ‘Read’ access to specific buildings within a portfolio so that users are limited to only the buildings of interest to them. Compared to legacy functionality, this replaces the concept of restricted clients and restricted buildings.

If you need to remove a users' ability to view a building, uncheck the “Read” box for that building. Options to “Save” or “Discard” your changes will be presented below. Your changes will be saved once you click the save button. If you wish to take away the users access to the entire organization, uncheck the “Read” box for the Organization, which will be listed with a blank Buildings entry, and they will no longer be able to view that organization.

When you make edits to a user’s asset permissions, a new role will be applied to the user called “UserAssets”. This role indicates that the user has custom assets that differ from its Organizations default permissions. If the User has default organization assets, they will have the default “OrgAssets” user role providing them with the default assets permitted for the Organization.

Explaining User Roles

The platform is designed to allow for the flexible creation and administration of roles, which can be set as defaults for organizations, made available to organizations, and assigned to specific users within an organization. Unless otherwise specified at the user level, users for any organization will automatically be granted their default roles for the organization. In addition, users that provide for other organizations, through Provider relationships, will inherit the provider roles assigned to their organization, unless otherwise specified at the user level. Currently, there are a 15 available roles in the platform, however, these may be added to and edited over time. Two of those roles are reserved for system administrators.

Typical Roles

The following roles are the most relevant for the vast majority of users:

  • Standard Viewer - which grants the rights to view assets and access to ‘standard’ modules, including the Home Page, Diagnostics, Analysis Builder, Commissioning Dashboard, Tasks, Projects, Reporting, Equipment Profiles, Building Profiles, and Documents, as well as granting users the ability to create, edit, and delete dashboards.

  • Standard User - which includes the rights of the viewer, but also grants rights to create Tasks and postpone analyses.

  • Asset Editor - which includes the rights of standard users, but also grants rights to create and to edit organizations, building groups, buildings, building variables, equipment, equipment variables, points, and organization dashboard templates.

  • User Admin - which includes the rights of the Asset Editor, but also grants the rights to created, edit and delete users.

  • Task Manager - which grants the right to create, edit and delete tasks and projects within an Organization. Any user granted this role for an organization, including providers with access to their client organizations, will be shown in the Task Assignee dropdown when creating or editing tasks.

Special Roles

There are a number of special roles in the system designed to handle specific use cases, which include the following roles:

  • Onboarding - which grants an onboarding administrator the rights to create buildings, equipment, data sources, points and access to onboarding only pages such as the bulk upload area.

  • BA Viewer - users with this role can view dashboards in the new user interface, but they cannot create, edit or delete dashboards nor can they add dashboard templates. This role is best suited for end users who are consumers of high level reporting about the use of the system, but still require access to read-only views of other features such as Diagnostics and Tasks (especially when utilizing dashboards with links to specific diagnostics/tasks).

  • Dashboard Viewer - this role constrains the user to a read-only view of Dashboards. This role is best suited for new users who may be interacting with Performance Insights dashboards prior to diagnostics and other features being made available to the user.

Deactivating Users

To deactivate a user, follow these steps:

  • Navigate to the user administration area of the classic administration website, available here: User Admin

  • Click “Edit” on the user you need to deactivate

  • Uncheck the “Active” checkbox

  • Click “Update User”

  • You have deactivated the selected user after this step