Access Control Profiles in Calem
Access control profiles, or ACL Profiles, can be configured to allow users of your organization and your customers to sign into Calem and access the data and menu actions allowed.
ACL Profile Case 1: Internal Use
Calem Enterprise is used by a manufacturing plant. The plant employees are the only users of Calem. ACL profiles can be created based on employee job roles.
- Maintenance Staff who uses work orders and service requests on a daily basis.
- Maintenance Managers who schedule work orders, manage PM plans, changes, and review dashboards.
- Storeroom Staff who manages spare parts.
- Purchasing Staff who manages requisitions and purchase orders.
- Owner groups may be used to partition assets based on job roles and allow users to access assets of their responsibilities. See additional resources below for more info.
ACL Profile Case 2: External Use
Calem Enterprise is deployed for a service provider who manages assets at customer sites. The employees of both the service provider and customers will use Calem. ACL profiles should be designed based on customers.
- If the service provider has many regional offices with each office providing services to customers in their region, the ACL profiles should be organized by regional offices:
- Create an ACL Profile for maintenance staff in region A. Maintenance staff of region A uses this profile to access assets of the customers in region A. Other ACL profiles in "Internal Use" above may be created for region A.
- The same goes for region B, C, etc.
- Multi-currency in Calem allows an organization to manage offices in different countries.
- Multiple cloud services may also be considered depending on business requirements.
- If the service provider has a single office with teams each servicing a group of customers, ACL profiles should be organized based on teams.
- Create an ACL Profile for service team A. Maintenance staff of team A uses this profile to access assets of the customers serviced by team A. Other profiles in "Internal Use" above may be created for team A.
- The same goes for team B, C, etc.
Customers may request access to your Calem. ACL profiles can be configured for each customer.
- Create an ACL profile for customer A. Employees of customer A can log into Calem and access their assets, work orders, and service requests.
- The same goes for customer B, C, etc.
ACL Profiles includes both data and user interface access control. We will cover the steps to create ACL profiles below.
Step 1. User Groups
The first step is to create user groups mapping to the personas in your organization and customers. Personas represent groups of users of the same job roles. For example, you may create groups for maintenance technicians, storeroom clerks, and managers.
- Menu path: Admin module | Groups
- The group object use hierarchy to simplify its management. Child groups inherit settings of parent groups. For instance, all your non-manager groups can be child group of "Users" group seeded in Calem. Manager groups can be child groups of "Admin" group seeded in Calem.
- Forms and menu access control can be configured at groups.
- You can define groups for phone, tablets and touch desktops in addition to web groups so that customized experiences can be delivered for phone, tablet and touch desktop users.
- See additional resources below for information in configuring groups.
The following is a screenshot of sample groups in Calem.
Step 2. ACL Profiles
Next, create ACL profiles based on groups and sites.
- Menu path: Organization module | ACL Profiles | ACL Profile list
- Set a web group and optionally set groups for phone, tablet and touch desktop.
- Tick "All site access" if there is only one site or the profile allows access to all sites.
- Configure profile data change permissions
- Owner groups allow partitioning assets based on job responsibilities
- Dropdown set defines customized dropdown lists for this profile
- Save the profile when done, the profile form opens with "Site" and "User" tabs:
- At the "Site" tab, add sites to grant access to the site data
- At the "User" tab, add users to use this profile