Manage users are assigned both a role and access to the facility tree. A user's role defines the user's permissions or types of actions the user can take, and the user's facility tree assignment defines the resources on which the user can act. Based on the facility tree assignment for a given user, they will either have full, partial, or no access to resources (campuses, buildings, floors, areas) within an organization. When an admin creates a user, they assign both users the role and facility access; these can be edited at any time by an admin.
You can view the facility tree when assigning a user to a facility. The facility tree displays the organization along with campuses, buildings, floors, and areas. An area is a grouping of devices such as sensors, gateways, switches, plug load Controllers, on a floor.
The green icon before each name indicates the level of user access.
- Green checkmark — full access.
- Solid green — partial access and
- Gray box — no access.
Full Access:
Users with full access to a resource must have all full access to all children of that resource within the context of the user's role. For example, a user with full access to a building must have full access to all the floors and areas within that building.
Floors:
-
A user cannot have partial access to a floor if the floor does not have any areas. In this case, a user can only have either full or no access to the floor. For example, the second floor does not have any areas. Therefore, the user has full access to the second floor.
Devices:
- Devices (sensors, gateways, PLCs) are associated with areas and floors. A user will have full access to the devices on the floor or in an area only if the user has full access to that area or floor. A user cannot have partial access to a device.
Groups:
- Motion, switch, and daylight groups are associated with a floor. A user has full access to a switch group only if the user has full access to the switch groups' parent floor. A user cannot have partial access to a switch group.
Partial Access:
Users with full access to a subset of buildings, but not all buildings, have partial access to the organization. For example, if a user has full access to one of the three areas on a floor, then the user has partial access to the area's parent floor, building, campus, and organization.
When a floor does not have any areas, the user can only have full or no access to the floor. Groups such as switch, motion, daylight are children of floors. A user has full access to a switch group only if the user has full access to the switch groups' parent (the floor). A user cannot have partial access to switch groups.
User Roles
There are four roles that each user can have; each represents a unique collection of permissions. Each role determines the actions that the user can perform and the information to which they have access. The application user experience is, in some cases, different based on the user's role. For example, the Reports tab is not displayed in the Main menu for users with the employee role. Learn more about adding and assigning roles to users.
-
Administrator – This user performs and sets up the initial configuration, adds users, devices, configures profiles, and performs advanced functionality such as backups, firmware upgrades, and administration of all other users and facilities.
-
Facilities Admin – This user can perform functions relevant to the authorized facilities except for configuring LDAP Settings, system upgrade, system backup and restore, and firmware upgrade.
-
Auditor – This user can view energy consumption details and display reports for authorized facilities, and oversee the organization's operations and reports for further analysis.
-
Employee – This user can view energy consumption and floor plan facilities screens for authorized facilities, control switches and manage fixture profile instances in the same profile template.
The table below outlines the five roles and what they can do. A check indicates that the individual permission is included.
| Permissions | Admin | Facilities Admin | Auditor | Employee |
| User Management |
Add Users *
|  | | | |
Edit or delete Users *
| | | | |
| Device Management (Sensors, Gateways, PLCs, Switches) |
| Add, Discover, Commission Devices | | | | |
| Light Profiles - Control Light level for task-based functions |
| View Profiles | | | | |
| Edit | | | | |
| Create, Delete Profiles | | | | |
| Switch/Motion/Daylight Groups |
| Create Groups | | | | |
| Edit, Delete Groups | | | | |
| Daylight Harvesting |
| Dim lighting when daylight is available | | | | |
| Energy Consumption |
| View energy savings | | | | |
| Reports |
| View Reports | | | | |
| Edit, Delete Report | | | | |
| BACnet |
| Manage BACnet configuration | | | | |
| APIs |
| Issue API calls including Occupancy | | | | |
| Administrative Functions |
| Image Upgrade | | | | |
| Backup and Restore | | | | |
| Schedule Demand Response, Holiday Overrides | | | | |
