Authorization

Multi-user

Asset Strategy Optimization is a multi-user application. This means that the application can be used by multiple users at the same time. There may, however, be situations in which it is desirable that certain user groups in an organization are restricted in viewing and/or modifying certain data.

In most environments, the FM Library is particularly important. The data contained in this library is often the basis for several analyses and calculations, and must therefore be reliable. In an organization in which multiple people work with Asset Strategy Optimization, it may be desirable that one person is appointed "Library Administrator" who will be the only person with the rights to implement changes in the FM Library working mode. The remaining users of the FM Library have "read-only" rights, which will allow them to view and use the default objects for their models.

In addition to this example, there are other structuring possibilities that are usually set by the application administrator once only, after which they may never be deleted. Examples are Maintenance Cost Categories and Free fields. To do this, you can create an advance control group so that a limited number of people is entitled to access and/or modify these aspects.

In addition to module authorization it is possible set permissions on folders and systems within folders in both FMECA systems and folders within the FM library. See Asset level authorization - setting permissions.

Activate Authorization

To be able to use authorization in Asset Strategy Optimization, the function must first be activated. This can be done in the System Options screen (Extra > Options > Authorization settings), by setting the checkbox 'Authorization enabled'.

Authorization must first be activated before used rights can be defined

The ADMINISTRATOR account

Before you start setting up authorizations, we recommend you allocate a password to the ADMINISTRATOR account. This will prevent other users from logging on as Administrator. The ADMINISTRATOR account allows for all possible actions within Asset Strategy Optimization.

System administrator

Setting up authorization impacts how users can access functions in both the desktop and the web application. The ADMINISTRATOR account will typically be the role to configure Asset Strategy Optimization to the needs of your organization. Apart from this role, it is assumed your organization also has a system administrator with permission to restart the web application. This is required when configuration changes are made that also affect the web application and will only take effect after restarting the website of Asset Strategy Optimization.

Setting Up Authorization

Asset Strategy Optimization authorization applies to the entire database, and is also stored in this database. You must be aware of this before you deploy this functionality. When using different Asset Strategy Optimization environments (databases), authorization must be set per database.

To set up the authorization, proceed with the following steps:

• Set up groups

• Allocate group-based authorizations

• Create users

Set up groups

Before setting up authorization in detail, you are advised to first decide on the names of the groups as well as their respective rights.

Using the window of the screenshot below, you can create and modify groups. You can create a new group by clicking the "New" button. Next, you can give the group a name. Configuring the group is done by setting the authorizations.

Authorizations by function/module per group

Allocate group-based authorizations

Asset Strategy Optimization comes with the Administrators group by default, which cannot be deleted. You cannot change the rights (this group has full rights). You may decide on and set up the authorizations for the groups that you add yourself.

Authorizations can be subdivided into 4 categories: "Read" (R), "Write" (W), "Add" (A), and "Delete" (D) rights, the letters in parentheses corresponding to the respective letters in the window.  These authorization levels correspond to the windows. To change a group's authorizations, you must click the Edit button or double click a row, which will open the window below.

Allocate authorizations for a group

Example: If a group has not been allocated "read" rights in the FM Library, a member of this group cannot access the associated screens. If a group does have "read" rights, but does not have "add" rights, a user cannot add in the FM Library working mode, etc. Menu actions are subject to authorization as well.

It is important to be aware of the following:

• You cannot "drag" or "cut" in the screen without the required "delete" rights, as these actions basically imply a delete action.

• You cannot "import" or "paste" in the screen without the required "add" rights, as these actions basically imply an add action.

  Note: An import action may cause existing rights to be overridden.

Create users

After setting  up the groups, you can create users and associate them with the groups set up. Users in Asset Strategy Optimization is done in the Authorization settings Users tab.

System Options - Users tab

To add a user, click the "New" button. This will open the window below:

Adding a new user

The following fields are used in authorization: