Cloud offers two mechanisms for defining which parts of your site can be seen or accessed by a user. Apart from regular roles and permissions, in which specific actions can be granted, there is also the possibility of defining asset scopes. With these scopes, you can allow users to access only certain parts of the asset inventory based on domain, asset type, installation or IP location.
Built-in roles
Roles can be found under Configuration, Account Management and then the Roles & Permissions menu. There are 5 built-in roles: Administrator, Analyze Data, Application Admin, Manage Assets, View Data. Each existing role can be altered, duplicated or deleted.
Create a new role
Under Configuration\Account Management, go to Roles & Permissions and then click Add new role. Give the role a name and click Create role. You can then select the permissions to be included in the role. Once the permissions are set, save the role by clicking the Save icon in the top right corner of the page.
Create a new scope
Under Configuration\Account Management, go to Scopes and click Add new asset scope. Fill in a name for the scope and set conditions like in the example below. Afterwards click Save and Exit. A scope defines which assets a user has access to. Once you've created a scope, you'll need to assign it to a role.
Assign a scope to a role
Under Configuration\Account Management, go to Roles & Permissions. Click on the specific role you want to assign a scope to. Click Scopes and select the scopes you want to assign to the role you are editing. If you have multiple installations, you can also select the installations for which the role applies. The user whom the role is assigned to should now only have access to the assets defined in the installations and scopes that are selected.
