User management

CE-CON Safety offers a two-level user management system. On the one hand different roles - and with them different permissions - can be assigned to users on a tenant level. On the other hand they can be assigned for single projects.
This makes a variety of collaboration constellations possible.

Definition

Instead of defining single permissions for every possible operation for each user, they are summarized in typical roles.
Each role is defined by a role name and a permission matrix, which consists of every possible object (e.g. project, product, component, etc.) and the possible actions (read, edit, create, delete).

Tenant or project level roles

Roles assigned on tenant level offer a base of permissions for all projects of that tenant.
This should be used with care as it should be noted which users are granted permissions on this level.
It is also possible to assign permissions of access on specific projects (see below).

Roles assigned on a project level extend permissions on the level of specific projects. This makes it possible to give project leaders high level permissions for their own projects, without granting them full access to all projects of the tenant.

Management of users and tenant level roles

Managing users and roles can be done in the setting of the user in the Tenant Users tab.

Adding users to the tenant

A user account with the role Manager or Administrator is required to add users to the tenant.

Choose the letter symbol in the table Pending invitations and enter the email address of the person being invited and a message for that person. You can also choose a role that will be assigned to the user as soon as the invitation has been accepted.
The recipient of the invation can use an existing user account or create a new one.
A user with an existing account will then have the possibility to switch between tenants.

Managing user roles

A user account with the role Manager or Administrator is required to manage user roles of.

Choose the option Add roles in the three-point-menu of the Tenant Users . After this you can choose from a list of roles.

Management of users and project level roles

In the detail view of a project you can find a Settings tab whre you can find a Users tab. In the displayed list you can add users that have been connected with the tenant (see above) to the project using the + button.

After this, using the three-point-menu of a user in the list, roles can be assigned (with the options Add roles or Remove role X) and users can be removed from the project (with the option Remove this user ).

Rolespecific permissions

Tenant level roles

Role: Read access

The role Read access allows the user to view all projects of the tenant, as well as all their linked products, components, risk assessments, etc.

There are no permissions to edit, create or delete linked with this role.

Role: Engineer

The Engineer role has full read access.

(lightbulb) Hint: Grant further permissions on project level. This way specific editors can be limited to specific projects. Select the Users tab in the project detail view for this.

Role: Template Manager

The role Template Manager has the authorisation, edit or delete all templates (danger points, components, text templates) and create new ones.

Role: Project-Manager

The role Project-Manager has the permission to edit or delete all projects of the tenant and to create new ones.

Furthermore a Project-Manager a manager can add or remove users from projects and can assign their roles.

Role: Administrator

The role Administrator has all rights of the Manager and can additionally edit the details of the users of the tenant.

Projectspecific roles

Role: Read access

The role Read access allows the user to view the whole project, as well as all its linked product, and the product's components, risk assessments, etc.

There are no permissions to edit, create or delete linked with this role.

Role: Engineer

The role Engineer has full read access to the project and in addition also create and delete permissions for parts of the project.

An Engineer can edit the whole project and all of its parts. All object below the level of the product - components, danger points, measures, etc. - can be edited or deleted. The details of the product can be edited but the product itself cannot be deleted.

(lightbulb) Tip: To add measure templates, the role Engineer should be added on tenant level.

Role: Manager

The role Manager has the same permissions as the Engineer and has in addition the permission to create a project's product. Furthermore a Manager can manage the project's users. He can add, remove or assign roles to users.